Page Comparison

Phishing

Class: Information Gathering - Phishing

Attempt to gather information on a user or a system through phishing methods.

Including;

• Mass emailing aimed at collecting data for phishing purposes with regard to the victims (Dissemination of phishing emails: Art. 7 [H], Art. 7 [G])

• Hosting web sites for phishing purposes (Hosting of phishing sites: Art. 7 [F]

ENISA and Europol EC3, 2017

Login attempt

Class: Intrusion Attempt and Intrusion - Login attempt

Attempt to log in to services or authentication / access control mechanisms.

Including:

• Unsuccessful login by using sequential credentials for gaining access to the system (Brute-force attempt:, Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

• Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys. (Password cracking attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

• Unsuccessful login by using system access credentials previously loaded into a dictionary. (Dictionary attack attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

ENISA and Europol EC3, 2017

Unauthorised access to a system or component by bypassing an access control system in place.

Class: Intrusion

Type: (Successful) Exploitation of vulnerability

Actual intrusion by exploiting vulnerability in the system, component or network.

Unauthorised access to a system or component by bypassing an access control system in place. (Control system bypass: (Art. 2 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Compromising an account

Class: Intrusion

Actual intrusion in a system, component or network by compromising a user or administrator account.

Unauthorised access to a system or component by using stolen access credentials. (Theft of access credentials: Art. 6 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017