Attack Vectors

What are attack vectors? They are the methods that adversaries use to breach or infiltrate networks. Malicious actors use a variety of attack vectors to compromise the security of individuals and organizations.  However, within this section we will outline the following four main categories:


Pronounced just like fishing, phishing is the “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.” (Hadnagy, Fincher. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. Wiley, 2015).


Vishing, also known as voice phishing, is the practice of eliciting information or attempting to influence action via the telephone.


Impersonation is the practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.


SMiShing is the act of using mobile phone text messages, SMS (Short Message Service), to lure victims into immediate action. This action may include downloading mobile malware, visiting a malicious website, or calling a fraudulent phone number.

Timing the Attack Vectors

Like interconnecting gears, bad actors often coordinate the timing of these four main attack categories. For example, a bad actor may first send a phishing email and then follow it up with a vishing call.  Doing so increases the effectiveness of the attack making it extremely dangerous.

Attack VectorsImage: