Transcript for:
Overview of Cybersecurity Threats

Phishing
Phishing is when hackers trick you into giving them your personal information by pretending to be someone you trust, like your bank or a social media site. They might send you fake emails or messages that look real but aren't.

Spear phishing
Spear phishing is a more targeted version of phishing. Instead of sending out generic fake messages, hackers aim their attacks at specific people or companies. They often know a lot about their target, making their messages even more convincing.

Whaling
Whaling is phishing for the big fish: important people like CEOs or executives. Hackers craft highly personalized messages to trick these high-profile targets into revealing sensitive information.

Malware
Malware is bad software designed to harm your computer or steal your information. It includes things like viruses, Trojans and ransomware. Think of it as a digital disease that infects your computer.

Ransomware
Ransomware locks up your files or system and demands money to unlock them. It's like a digital kidnapper holding your data hostage until you pay a ransom.

Spyware
Spyware secretly watches what you do on your computer and sends that information to the hacker. It can track your keystrokes, catch your screenshots or even turn on your webcam without you knowing.

Trojan horse
A Trojan horse is software that looks useful or fun but hides harmful code. Once you install it, the hidden malware inside can take over your computer. It's like opening a friendly-looking gift that has a nasty surprise inside.

Worms
Worms are programs that copy themselves and spread across networks without any help from you. They move from computer to computer, causing damage along the way, like a digital pest infestation.

SQL injection
SQL injection is a trick hackers use to get into a website's database by inserting malicious code. This can let them steal, change or delete data. It's like finding a back door into a secure building.

Cross-site scripting (XSS)
XSS is when hackers put harmful code into a website, which then runs in your browser when you visit. This can steal your information or hijack your session.

Denial of service (DoS) and distributed denial of service (DDoS)
DoS and DDoS attacks flood a website or network with so much traffic that it crashes and stops working.

Man in the middle (MITM)
In an MITM attack, hackers secretly intercept communication between two parties. They can steal or change the information being exchanged, like someone eavesdropping on your phone call and altering what's being said.

Brute force attack
Brute force attacks are all about guessing passwords. Hackers try every possible combination until they get the right one. It's like trying every key on a keyring until you find the one that opens the door.

Credential stuffing
Hackers use stolen usernames and passwords from one site to try and log in to other sites, betting that people use the same passwords everywhere.

Zero-day exploit
A zero-day exploit takes advantage of a security flaw that no one knew about before. It's like discovering and using a secret weak spot in a fortress before anyone else realizes it's there.

Social engineering
Social engineering tricks people into giving away their personal information or doing something they shouldn't. Hackers might pretend to be someone you trust or create a sense of urgency to get you to act quickly.

Keylogging
Keyloggers record everything you type on your keyboard, capturing passwords and other sensitive info. It's like having someone secretly watching over your shoulder and writing down everything you say.

Session hijacking
Session hijacking takes over a user session after they've logged into a secure system. Hackers can then pretend to be that user and access their data.

DNS spoofing
DNS spoofing tricks your computer into connecting to a fake website instead of the real one. It's like changing the road signs to send you to the wrong place without you knowing.

Watering hole attack
In a watering hole attack, hackers infect a website that a particular group of people often visit. When the group members visit the site, their computers get infected. It's like poisoning a common drinking spot to affect everyone who goes there.

Clickjacking
Clickjacking hides malicious actions under legitimate buttons or links on a website. When you click, you end up doing something harmful without realizing it. It's like placing a fake button over a trap door.

Rogue software
Rogue software pretends to be helpful, like fake antivirus programs, but it's actually harmful. It tricks you into installing it and then causes damage or steals your data.

Eavesdropping
Eavesdropping attacks listen in on private communications, stealing information as it's sent.

Exploit kits
Exploit kits are tools that automate the process of finding and exploiting vulnerabilities in software. Hackers use these kits to launch multiple attacks quickly.

Drive-by download
Drive-by downloads happen when you visit a compromised website and malicious software is downloaded to your computer without your knowledge. It's like stepping on a nail while walking and getting hurt without realizing it.

Rootkits
Rootkits are programs that give hackers control over your computer without you knowing. They hide deep within your system, making them hard to detect.

Backdoor
A backdoor is a hidden way into a system that bypasses normal security checks. Hackers use backdoors to sneak in without setting off alarms.

Botnets
Botnets are networks of infected computers controlled by hackers. They can be used to launch large-scale attacks or send out spam emails.

Password spraying
Password spraying is when hackers try a few common passwords on many accounts instead of trying many passwords on one account. It's like testing a few popular keys on many locks, hoping one will fit.

Cryptojacking
Cryptojacking secretly uses your computer's resources to mine cryptocurrency. You might not even notice, except that your computer is running slower.

Firmware hacking
Firmware hacking targets the low-level software that controls hardware components. It can give hackers deep access to your system.

32. Cross-site request forgery (CSRF)
CSRF tricks you into performing actions on a website you're logged into without your knowledge. It's like having someone forge your signature to authorize a transaction.

Privilege escalation
Privilege escalation is when hackers gain higher access levels than they're supposed to have. This can allow them to control more of the system. It's like finding a janitor's key that opens all the doors in a building.

34. Command injection
Command injection lets hackers run dangerous commands on a server by exploiting poorly coded applications. It's like finding a way to slip instructions to a machine that it wasn't meant to follow.

Session fixation
Session fixation forces a user to use a specific session ID, which the hacker can then hijack. It's like assigning someone a ticket that you can later claim and use yourself.

Shoulder surfing
Shoulder surfing is the simple act of looking over someone's shoulder to see what they're typing or viewing.

Bluesnarfing
Bluesnarfing is the unauthorized access of information from a Bluetooth-enabled device. Hackers can steal contacts, messages or files without you knowing.

Bluejacking
Bluejacking sends unsolicited messages to Bluetooth-enabled devices. It doesn't steal information but can be annoying and intrusive. It's like slipping a note to someone without their consent.

SIM swapping
SIM swapping tricks your phone provider into transferring your phone number to a hacker's SIM card. This lets them intercept your messages and calls.

Jailbreaking / rooting
Jailbreaking or rooting removes software restrictions on a device, giving the user or hacker full control over the system.

Stay safe and see you next time.

[Music]