Types of Attacks
Note: The below list is non-exhaustive. There can be many types of cyber attacks.
Types of Ransomware
Ransomware is an extreme form of malware (malicious software) that has infected your computer and will block all access to your files until a fee (i.e. ransom) has been paid to release the lock. Two types of ransomware are as follows:
Return to Top
- Encrypting Ransomware — This ransomware will lock your files and folders using encryption. Typically, it requires a pass code to decrypt your files so you can access them.
- Locker Ransomware — This Ransomware will lock your computer so that you cannot access the desktop, files, or applications. It can infect the portion of the hard drive that allows the Operating System to boot.
How to Defend Against Ransomware
Return to Top
- Keep your software up-to-date: Critical security updates are regularly applied to modern operating systems (e.g. Windows and macOS). Ensure that your OS and anti-virus software has the latest updates to help prevent the latest malware. Enable automatic updates and scheduled installation whenever possible.
- Backup your data: Use cloud storage, such as OneDrive, Dropbox, or Google Drive to keep your data secure. Disconnect external hard drives from your PC when not in use. The hard drive cannot be locked with ransomware if it is not connected to the computer.
- Be wary of emails: If you receive email from an unknown source with active hyperlinks, investigate before opening. Verify the sending email address, hover your mouse over any hyperlinks to see the URL first. More email tips are below in the Phishing section.
Types of Phishing
Phishing is a fraudulent attempt to obtain personal information from you, such as passwords, banking information, etc. and is most commonly sent via email. There are 4 main types of phishing attacks:
Return to Top
- Deceptive Phishing — The most common phishing type, usually from a recognized group or company. Often these ask for you to verify your account information (such as logins and passwords), ask you to change passwords via their link, and/or make a payment.
- Spear Phishing — This is similar to deceptive phishing, except that they will be more specific when contacting you, meaning that it may appear as a personal contact to you. A link asking you to provide information typically will be in the email body.
- Phishing Calls — Individuals will pretend to be from a company that you do business with and may ask you for a payment, login and password information, etc over the phone.
- CEO Fraud/Whaling — This phishing type relies on impersonating a head of the organization to obtain sensitive data, attack the network, etc.
How to Identify a Phishing Scam
Return to Top
Don't trust the display name: On a phishing email, the sender's email display name may look correct, but the actual email address won't. The email may look something like this:
LLCC IT Department <email@example.com> or
The name may be correct, but the email address looks suspicious because the domain is not genuine. In the first example the domain name should be
secure.com. In the second example, the domain name should be
This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Check the email address in the header. If it looks suspicious, don't open the email and forward it to firstname.lastname@example.org
- Look but don't click: Hover your mouse over any links embedded in the body of the email. Sometimes the URL text in the email will not match the actual URL of the hyperlink. If the actual link address looks suspicious, don't click on it. You can type in the URL directly instead of clicking the link in the email.
- Check for spelling mistakes: Brands are pretty serious about email. Legitimate messages typically do not have major spelling mistakes or poor grammar. Read your emails carefully.
- Analyze the salutation: Is the email addressed to a vague "Valued Customer"? Legitimate businesses will often use a personal salutation with your first and last name.
- Don't give up personal information: Legitimate banks and most other companies will never ask for personal credentials via email. LLCC and the IT Help Desk will never ask you for your Login Name and Password or any other personal information.
- Beware of urgent or threatening language in the subject line: Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your "account has been suspended", your account had an "unauthorized log in attempt" or "your email is over its storage limit".
- Review the signature: Lack of details about the signer or how you can contact a company strongly suggests a phishing attempt. Legitimate businesses always provide contact details.
- Don't click on attachments: Including attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords, or spy on you without your knowledge. Don't open any email attachments you weren't expecting.
- Don't believe everything you see: Just because an email has convincing brand logos, language, and a seemingly valid email address does not mean that it's legitimate. Be skeptical when it comes to your email messages. If any part of an email looks suspicious, don't open it and forward it to email@example.com.