Skip to main content
TrailblazerDX, the ultimate AI learning event is heading back to San Francisco March 6-7, 2024. Register Now and save 35% with code T24DEYE424.

Identify Threat Actor Tactics

Learning Objectives

After completing this unit, you’ll be able to:

  • Discuss the threat of phishing.
  • Define the common forms of malware.
  • Identify examples of social engineering.
  • Explain the concept of shoulder surfing.

Categories of Threat Actor Tactics

In our increasingly digital world, cyber threats remain a constant concern. These risks affect businesses in various industries and have wide-ranging implications for the public. Up next, we'll explore some of the most common threat tactics you should be aware of.


An envelope attached to a fishing hook.

An email from your bank drops into your inbox. It asks you to reset your password due to a security breach. Sounds legitimate, right? 

Next, you click the link embedded in the email. A landing page pops up and you enter your online banking credentials to see what all the fuss is about… 

And the rest is history. You just fell prey to phishing. 

The majority of all cyberattacks occur through stolen login credentials typically obtained through various forms of phishing attacks. Threat actors use phishing to trick people into handing over sensitive information such as passwords and health data. This method typically leverages email to trick users into giving up credentials or downloading software intended to damage or control a device or network.

There are a few different common types.

Spear Phishing

Spear phishing targets a specific person instead of using mass email. Attackers know their victims’ names and research their interests on social media. Then, they customize communications to build trust with the victim in order to snag their info.


This kind of phishing goes after high-profile targets, or “whales,” who have access to tons of sensitive information. Similar to spear phishing, threat actors invest considerable time to research the target before attacking. 


With pharming, victims don’t have to click anything to be taken advantage of. You type in a URL and then the attacker “hijacks” it. Instead of reaching your intended destination, you land on an imposter site that asks for credentials or other data.

Clone Phishing

In this method, attackers clone a legitimate email that the victim has previously received, replacing the original link or attachment with a malicious one.

Vishing (Voice Phishing)

This involves phone calls where the attacker poses as a trusted entity to trick the victim into divulging sensitive information.

Smishing (SMS Phishing) 

Similar to vishing but conducted via SMS text messages.

After an attacker gains access to your system through phishing, they don’t stop there. Often, they infect your device with malicious software. More on that next.


A computer screen covered by an insect.

Your big presentation is in less than 30 minutes. As soon as you press print on the content, you get an alert from the IT department: Printers are down.  

Luckily, you have a printing service in your building. So, you look around your workspace for a thumb drive, pop it into your USB port, and then hurry to transfer files so you can print. 

You made it in time. And your presentation passed with flying colors. But, little did you know, your computer got infected with malware in the process. How? A rogue thumb drive was planted in your office by a threat actor.

So what is malware, anyway? The term malware is short for malicious software—designed to disrupt, damage, or gain unauthorized access to a computer system. Attackers frequently try to install malware on a victim’s system, commonly distributing the files via email, social media, and compromised websites.

Malware comes in multiple forms, including: 

Trojan Horses

This form of malware walks and talks like legitimate software but has negative intent. After it’s activated, it deletes, modifies, and blocks your data. Trojans are also known to enable real-time access to your system, resulting in a full takeover. 


You guessed it. This malicious software holds information for ransom. Attackers typically get into your system through phishing and then block your access. Keep in mind that, even if you pay up, it can be hard to reverse the damage without having a backup.


Chances are you’ve come into contact with adware, which serves people unwanted advertising. A common adware program might redirect a user's searches to look-alike web pages that ask for sensitive information.

Juice Jacking

In a juice jacking attack, an attacker compromises a public charging station that installs malware when a portable device plugs in from public areas, such as an airport, train station, or conference arena.

Once an attacker has access to your system, they use malware to get even more info. But how do they gain access in the first place? Many times, it’s through social engineering.  

Social Engineering

A person standing in front of a computer with a mask in their hand.

It’s mid-February and you’re officially counting down the days until summer—142, to be exact.

Naturally, you start browsing vacation spots. Suddenly, you see an advertisement for a free Caribbean vacation. Bingo! Your need for sun and sand prompts you to click the ad and enter a sweepstakes with your email address and phone number. Fingers crossed...

Harmless, right? Nope. 

This is an example of social engineering—the art of manipulating people into handing over valuable information. Threat actors use social engineering because it’s easier to exploit your natural inclination to trust than to actually hack your software. 

Sounds a bit like phishing, doesn’t it? That’s because phishing is one of the most common types of social engineering. Here are a few more. 


Tailgating is the physical act of following someone to gain access to their information. For example, an attacker follows you into a coffee shop and hops on to the same public Wi-Fi network in order to hack into your system. 


Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artist comes up with a story—or pretext—in order to fool the victim. The pretext generally casts the attacker in the role of someone in authority who has the right to access the information being sought, or who can use the information to help the victim. Attackers who use pretexting often tell victims they need their info in order to complete a specific task or to keep the individual out of legal trouble. 

Quid Pro Quo

This is when an attacker promises you something of value in exchange for information (remember that Caribbean vacation?). Attackers scope out an individual and then present them with things relevant to their lifestyle in the hope that they provide sensitive information.

Not all threat actors limit themselves to the cyber world. Some use the physical to gain access to the digital. That’s where shoulder surfing comes in. 

Shoulder Surfing

A person using a computer while another person looks over their shoulder.

Let’s say you’re part of the huge number of people globally who work remotely. And, for you, remotely typically means your local coffee shop. 

You’ve got all the right security measures in place for remote work—you log into Wi-Fi with a virtual private network (VPN) and lock your screen anytime you get up for a refill. 

You’re safe, right? Maybe not.

Shoulder surfing is the practice of looking “over the shoulder” of someone using an electronic device, and then taking a photo of their screen or jotting down their valuable information. It can happen anywhere you transfer sensitive info in public. That not only includes anywhere you use a laptop, smartphone, or tablet but also payment kiosks like ATMs.

Knowledge Check

Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the function in the left column beneath the matching category on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.

Great work!

Sum It Up

Common cybersecurity terms? Check. Threat actors? Check. Threat actor tactics? Check. Now you know all the basics of the threat landscape. In the next module, you learn how to protect yourself from these threats, including securing your logins, keeping your devices secure, and safeguarding internet use. If you’re interested in learning more about cybersecurity and meeting practitioners in the field, visit the Cybersecurity Learning Hub.


Keep learning for
Sign up for an account to continue.
What’s in it for you?
  • Get personalized recommendations for your career goals
  • Practice your skills with hands-on challenges and quizzes
  • Track and share your progress with employers
  • Connect to mentorship and career opportunities