> ## Documentation Index
> Fetch the complete documentation index at: https://sec.c2c-tech.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Recognizing Common Cyber Threats

### Major threats:

<Frame>
  <img src="https://mintcdn.com/c2c/9azpwdYaGpCktfUD/images/image2.jpg?fit=max&auto=format&n=9azpwdYaGpCktfUD&q=85&s=f4f0f74af028371fa3ea66eac86f3392" alt="Screenshot of a deployment confirmation message that says All checks have passed." style={{ borderRadius: '0.5rem' }} width="2062" height="1200" data-path="images/image2.jpg" />
</Frame>

# Phishing

Phishing is a **cyberattack** that tricks users into **revealing sensitive information** or **installing malware** by impersonating trusted organizations.

## Common Types

* **Email Phishing**
* **Spear Phishing (targeted)**
* **Smishing (text messages)**
* **Vishing (phone calls)**
* **Clone Phishing**

## How to Protect Yourself

* **Verify the sender** and **hover over links** before clicking
* **Don’t open unknown attachments**
* Use **strong, unique passwords** and **MFA**
* **Report suspicious messages** immediately
* Malware / Ransomware – Harmful software
* Password attacks – Guessing or stealing your login
* Insider threats – Mistakes or misuse from inside
* Social engineering – Manipulation to gain information

***

# Malware & Ransomware

Malware is **malicious software** designed to damage systems, steal data, spy on users, or gain unauthorized access.

**Examples:**

* Viruses

* Trojans

* Spyware

* Worms

* Keyloggers

***

## Ransomware

Ransomware is a **type of malware** that encrypts files or locks systems and demands payment to restore access.

**Examples:**

* WannaCry

* Ryuk

* LockBit

* CryptoLocker

***

## How Systems Get Infected

* Phishing emails and malicious links

* Infected attachments or downloads

* Unpatched software vulnerabilities

* Malicious websites or USB devices

***

## How to Prevent Malware/Ransomware

* Keep systems and software **updated**

* Use **antivirus / endpoint protection**

* Enable **firewalls and email filtering**

* Use **strong passwords + MFA**

* **Back up data regularly** (offline or secure backups)

* Avoid unknown links and attachments

***

# Password Attacks

A password attack occurs when attackers attempt to **steal, guess, or crack passwords** to gain unauthorized access to accounts or systems.

***

## Common Types

* **Brute Force:** Tries many password combinations

* **Credential Stuffing:** Uses leaked passwords from other sites

* **Phishing:** Tricks users into revealing passwords

* **Keylogging:** Records keystrokes secretly

***

## How to Prevent it

* Use **strong, unique passwords**

* Enable **Multi-Factor Authentication (MFA)**

* **Never reuse passwords**

* Use a **password manager**

* Lock accounts after **failed login attempts**

* Stay alert for **phishing messages**

***

# Insider Threats

An insider threat occurs when a **current or former employee, contractor, or partner** misuses authorized access—**intentionally or accidentally**—to harm an organization.

***

## Types of Insider Threats

* **Malicious:** Steals data or sabotages systems

* **Negligent:** Makes mistakes (weak passwords, phishing clicks)

* **Compromised:** Account taken over by attackers

***

## How to Prevent it

* Apply **least-privilege access**

* Use **MFA** and strong passwords

* Monitor **user activity and logs**

* Provide **regular security training**

* Enforce **clear security policies**

* Remove access **immediately** when roles change

***

# Social Engineering

A social engineering threat is an attack that **manipulates people rather than systems** to trick them into revealing sensitive information or performing unsafe actions.

***

## Common Examples

* **Phishing emails and fake websites**

* **Pretexting:** Fake identity or story to gain trust

* **Baiting:** Infected USB devices or free downloads

* **Tailgating:** Unauthorized physical access

* **Vishing and Smishing**

***

## How to Prevent

* **Verify identities** before sharing information

* Be cautious of **urgent or emotional requests**

* **Never share passwords or OTPs**

* Use **MFA** and strong passwords

* Follow **security policies** and report suspicious activity

* Provide **regular security awareness training**
