Cyber Rebels

  • Mon - Fri : 9:00 -17:00
Neotech-icon-facebook-f Neotech-icon-twitter Neotech-icon-linkedin-in Neotech-icon-instagram
Cyber Rebels logo with padlock design.
Menu
0 £0.00

Have Any Questions?

Book A Call

Get In Touch
breacumb linear4
breacumb linear5
Cyber Threats Explained

Cyber Threats Explained

Most cyber threats do not arrive looking like obvious attacks. They show up as normal emails, messages, calls, login prompts, downloads, and requests that make sense in the moment.

This glossary explains some of the most common threats people and businesses may encounter, what they look like in practice, and how to reduce the risk of them succeeding.

Emails, Messages & Calls

These are some of the most common ways cyber threats show up in everyday work. They often arrive as part of normal communication, which is exactly why they can be so easy to trust.

Phishing

What it is
Phishing is when someone sends a fake email or message designed to trick you into clicking a link, opening a file, or giving away information.

How it works
It works by making the message feel familiar, relevant, or urgent. It may appear to come from a trusted service, colleague, or supplier, and often tries to prompt quick action before you have time to stop and question it.

What it looks like
You are in the middle of something and an email arrives with a document to review, a login issue to fix, or a request to confirm details. Nothing about it feels unusual enough to slow you down, so it gets opened or clicked.

How to prevent it
Be cautious with unexpected links, files, or login requests. If something asks you to act quickly, pause and verify it through a separate route rather than relying on the message itself.

Smishing

What it is
Smishing is phishing carried out through text messages.

How it works
Attackers send messages that appear to come from delivery companies, banks, service providers, or government organisations. They rely on timing, convenience, and the fact that people often trust texts more than emails.

What it looks like
A message says a parcel could not be delivered, a payment has failed, or an account needs urgent attention. It arrives at just the right moment and includes a link that seems quick and easy to use.

How to prevent it
Avoid clicking links in unexpected text messages. If something appears important, go directly to the official website or app instead.

Vishing

What it is
Vishing is when attackers use phone calls to persuade someone to share information or carry out an action.

How it works
The caller may pretend to be from IT support, a bank, a supplier, or another trusted organisation. The goal is usually to create urgency, establish trust quickly, and guide the person into handing something over.

What it looks like
You receive a call saying there is a problem with your account, your device, or a payment. The person sounds calm and helpful, and the request feels routine enough to follow.

How to prevent it
Never share passwords or sensitive information over the phone unless you initiated the call and are certain who you are speaking to. If unsure, hang up and call the organisation back using a known number.

Business Email Compromise (BEC)

What it is
Business Email Compromise is when attackers manipulate email conversations to redirect payments or request sensitive information.

How it works
It often involves access to a real email account or a convincing imitation of one. Attackers monitor conversations and step in at the right moment, making a small but important change such as updated bank details or a new payment instruction.

What it looks like
An invoice is already expected. A project is already under way. A message arrives in the same thread, with the same tone and the same signature, but with different payment details. Everything else looks right, so it gets processed.

How to prevent it
Independently verify any change to payment details or sensitive financial instructions using a known phone number or trusted contact route. Do not rely on email alone.

Social Engineering

What it is
Social engineering is the use of manipulation to influence someone into taking an action, sharing information, or bypassing a control.

How it works
It relies on trust, urgency, familiarity, and authority. Instead of attacking a system directly, it targets the human decision behind the action.

What it looks like
A message, call, or request arrives from someone who appears legitimate. It fits what you are already doing, so the action feels helpful, efficient, or expected rather than risky.

How to prevent it
Pay attention to the situation, not just the identity shown on screen. If a request involves urgency, unusual access, or sensitive information, slow it down and verify it properly.

Deepfakes & AI Impersonation

What it is
Deepfakes and AI impersonation involve using artificial intelligence to mimic a real person’s voice, video, or writing style.

How it works
Attackers use publicly available content such as videos, voice clips, or written communications to create realistic messages or calls that appear to come from someone trusted.

What it looks like
A voice note, video message, or call sounds exactly like someone you know. The request is urgent and specific, and because it sounds genuine, it feels safe to act on it.

How to prevent it
Treat unusual or high-risk requests involving payments, credentials, or sensitive data as something that should always be confirmed through a second, independent channel.

Passwords, Logins & Account Access

These threats focus on getting into accounts or abusing access once it has been gained. They often begin with something small that does not feel like a security issue at the time.

Password Cracking

What it is
Password cracking is the process of gaining access to accounts by working out or guessing login credentials.

How it works
It often relies on predictable password patterns rather than dramatic hacking. Attackers use common password lists, reused credentials, or automated guessing tools until something works.

What it looks like
Nothing obvious appears to happen. An account is accessed without a clear sign of how. In many cases, the password made sense when it was created because it was easy to remember, quick to type, or based on something familiar.

How to prevent it
Use unique passwords for every account and use a password manager where possible. Multi-factor authentication adds an extra layer so access does not depend on a password alone.

Credential Harvesting

What it is
Credential harvesting is when attackers collect usernames and passwords through fake login pages or deceptive prompts.

How it works
They copy the appearance of trusted login screens so that entering details feels completely normal. Once the credentials are entered, they can be used elsewhere.

What it looks like
A login page appears exactly as expected after clicking a link in an email or message. You enter your details without hesitation because it looks like a system you already use.

How to prevent it
Go to login pages directly through official websites, apps, or bookmarks rather than following unexpected links. If you are asked to log in unexpectedly, pause and verify first.

Account Takeover

What it is
Account takeover is when someone gains access to a legitimate account and uses it as if they were the real owner.

How it works
It often happens after credentials are stolen or guessed. Once inside, attackers can send convincing emails, reset passwords, access systems, or move further into the organisation.

What it looks like
Emails and messages come from a genuine account you already trust. Requests look real because, in one sense, they are coming from the real account.

How to prevent it
Use strong unique passwords, enable multi-factor authentication, and take unexpected login prompts or unusual account behaviour seriously. Verify unusual requests even if they come from someone you know.

MFA Fatigue

What it is
MFA fatigue, sometimes called push bombing, is when repeated login approval prompts are used to pressure someone into accepting one.

How it works
Attackers repeatedly attempt to log in using stolen credentials, triggering multiple authentication requests. The goal is to make the prompts feel annoying enough that one gets approved just to make them stop.

What it looks like
Your phone keeps buzzing with login approvals you did not request. Eventually, approving one can feel like the quickest way to stop the disruption.

How to prevent it
Never approve a login request you did not initiate. Report repeated prompts immediately and change passwords if you suspect your account is being targeted.

Session Hijacking

What it is
Session hijacking is when an attacker takes advantage of an active logged-in session to access an account without needing the password.

How it works
If a session token is stolen or reused, an attacker may be able to access an account as if they were already authenticated.

What it looks like
You click a link and land straight inside an account without being asked to log in. That convenience is exactly what can make this threat harder to notice.

How to prevent it
Log out of important accounts when not in use, keep devices and browsers updated, and be cautious with unexpected links that lead directly into logged-in services.

Brute Force Attacks

What it is
A brute force attack is when repeated login attempts are used to guess a password.

How it works
Automated tools try many password combinations very quickly until one works. Weak or reused passwords make this much easier.

What it looks like
In many cases, there is no visible warning until an account is locked, unusual login alerts appear, or access has already been gained.

How to prevent it
Use strong unique passwords, enable multi-factor authentication, and pay attention to alerts about repeated failed logins or unfamiliar sign-in attempts.

Files, Links & Downloads

These threats are often hidden inside normal actions such as opening a document, downloading a file, scanning a QR code, or installing something that appears useful.

Malware

What it is
Malware is malicious software designed to damage systems, steal information, or give attackers access.

How it works
It is usually delivered through files, links, downloads, or compromised websites. It often relies on something being opened or installed during ordinary activity.

What it looks like
A file is downloaded, an attachment is opened, or something is installed that looks harmless. Nothing dramatic happens straight away, which is why it is often missed at the point it enters.

How to prevent it
Be cautious with unexpected attachments and downloads. Only install software or open files from trusted and verified sources, especially when something feels rushed or out of context.

Ransomware

What it is
Ransomware is a type of malware that locks files or systems and demands payment to restore access.

How it works
It often begins with an earlier action such as opening a file, clicking a link, or using compromised credentials. The damage may only become visible later.

What it looks like
Work carries on as normal at first. Then files become inaccessible, systems stop responding, or a message appears demanding payment.

How to prevent it
Avoid opening unexpected files or links, keep systems updated, and maintain secure backups. Take suspicious activity seriously early rather than assuming everything is fine.

QR Code Phishing (Quishing)

What it is
QR code phishing, sometimes called quishing, uses QR codes to direct people to malicious websites.

How it works
Because QR codes are scanned on phones, they can bypass the caution people often apply to links on computers. The destination may still be a fake site designed to steal information.

What it looks like
A QR code appears in an email, on an invoice, on a poster, or in printed material. It feels quick and convenient to scan, especially when the request seems routine.

How to prevent it
Be cautious when scanning QR codes from unexpected or unverified sources. Check where the link leads before entering any details.

Malicious Browser Extensions

What it is
A malicious browser extension is an add-on that appears useful but secretly collects data, monitors activity, or interferes with browsing.

How it works
It is installed like a normal productivity tool or helper, but requests more access than it really needs and uses that access in the background.

What it looks like
An extension promises to save time, improve workflow, or unlock a useful feature. It works as expected, so there is no reason to suspect that it may also be accessing information it should not.

How to prevent it
Only install extensions from trusted sources, review permissions carefully, and remove anything that is not essential.

Payments, Data & Everyday Business Risk

These threats often affect finance, administration, customer service, and anyone handling sensitive information. They may not feel technical, but they can have serious consequences.

Invoice & Payment Fraud

What it is
Invoice and payment fraud is when attackers trick a business into sending money to the wrong account.

How it works
It often happens through impersonation, intercepted email threads, or fake invoices that fit into normal business activity.

What it looks like
A payment request relates to a real supplier, a real service, or a real project. Everything feels routine, except the money is being directed somewhere it should not be.

How to prevent it
Put a consistent verification process in place for payment requests and any change to bank details. Do not rely only on email to authorise financial actions.

Data Breach

What it is
A data breach is when sensitive information is exposed, accessed, shared, or stolen without proper authorisation.

How it works
It can happen through cyberattacks, account compromise, accidental sharing, weak access controls, or lost devices. Not every breach begins with a dramatic attack.

What it looks like
Information ends up with the wrong person, appears in the wrong place, or becomes accessible to someone who should not have it. Sometimes the breach is only noticed afterwards.

How to prevent it
Limit access to sensitive data, check permissions carefully, use secure systems, and verify recipients before sending files or information.

Data Leakage / Accidental Data Sharing

What it is
Data leakage is when information is exposed unintentionally through normal work activity.

How it works
It often happens through rushed actions such as sending an email to the wrong person, attaching the wrong file, copying in too many recipients, or sharing folders too broadly.

What it looks like
A task is completed quickly and efficiently, but the information goes further than intended. Nothing about the action feels unusual at the time.

How to prevent it
Pause before sending or sharing sensitive information. Check recipients, attachments, permissions, and access settings carefully.

Identity Theft

What it is
Identity theft is when someone uses another person’s personal or business information for fraud or unauthorised activity.

How it works
Information may be collected through phishing, data breaches, social engineering, or publicly available sources and then used to impersonate someone.

What it looks like
Someone opens accounts, places orders, resets access, or makes requests using details that appear genuine because they are based on real information.

How to prevent it
Share personal and business information carefully, use strong account security, and investigate unexpected requests or account activity quickly.

Still Useful to Know

These threats may be less visible in everyday work, but they are still useful to understand because they often sit behind wider security incidents.

Man-in-the-Middle Attack

What it is
A man-in-the-middle attack is when someone intercepts communication between two parties without either side realising.

How it works
It can happen on insecure networks or through compromised connections, allowing the attacker to observe, capture, or alter information in transit.

What it looks like
You connect to a network, log into a service, or send information as normal. Nothing obvious tells you that someone else may be in the middle of that communication.

How to prevent it
Avoid using insecure public Wi-Fi for sensitive activity, use secure websites and trusted networks, and keep devices updated.

Hacking

What it is
Hacking is a broad term for gaining unauthorised access to systems, devices, or information.

How it works
It can involve technical weaknesses, stolen credentials, social engineering, or a combination of methods. In practice, many incidents involve both human and technical elements.

What it looks like
Systems behave unexpectedly, accounts are accessed without permission, or information is changed, stolen, or exposed.

How to prevent it
Keep systems updated, secure accounts properly, use strong access controls, and take unusual requests or behaviour seriously before they escalate.

Search

account

cart

  • Cyber Rebels
All category
Shopping cart close