Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

3.2.1. Message-Based, Image-Based, and File-Based Vectors

💡 First Principle: Attackers deliver malicious payloads through communication channels that people trust and use daily. The effectiveness of these vectors relies on human behavior — people open emails, view images, and download files as part of normal work.

Email is the most common initial attack vector. Phishing emails deliver malicious attachments, malicious links, and business email compromise (BEC) social engineering. Email vectors succeed because they arrive in a trusted context — your inbox — and can be crafted to look legitimate. BEC is particularly dangerous because it involves no malware — the attacker impersonates an executive or vendor and requests a wire transfer or sensitive data, often after researching the target through social media and public records.

Voice phishing (vishing) uses phone calls to extract information. Attackers impersonate IT support, banks, or government agencies, creating urgency to bypass critical thinking. Caller ID spoofing makes these calls appear to come from legitimate numbers.

Short Message Service (SMS)/text messaging delivers smishing attacks — phishing via text message. "Your package couldn't be delivered, click here" links lead to credential harvesting sites or malware downloads.

Instant messaging (IM) platforms (Slack, Teams, WhatsApp) are increasingly used to deliver malicious links or files. Users tend to trust messages from colleagues, making compromised accounts particularly dangerous.

Image-based vectors embed malicious code within image files. An image can contain hidden scripts that execute when rendered by a vulnerable viewer, or steganographic payloads extracted by attacker tools.

File-based vectors deliver malware through documents, PDFs, executables, and archives. Macro-enabled Office documents are a classic vector — the document looks legitimate but contains Visual Basic macros that execute malware when enabled.
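A defender-side triage check for the file-based vector described above, added here as an example and not part of the original material. It inspects file content rather than trusting the extension; the function names, finding labels, and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm/...) is a ZIP
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")     # extensions that promise "no macros"


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    name = filename.lower()
    if data.startswith(b"MZ") and not name.endswith((".exe", ".dll")):
        findings.append("windows-executable-with-misleading-extension")
    elif data.startswith(OLE_MAGIC):
        # Legacy binary Office formats can carry VBA; the extension does not reveal it.
        findings.append("legacy-ole-document-may-contain-macros")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
                types = zf.read("[Content_Types].xml") if "[Content_Types].xml" in members else b""
        except zipfile.BadZipFile:
            return ["corrupt-zip-container"]
        has_vba = any(m.lower().endswith("vbaproject.bin") for m in members)
        if has_vba or b"macroEnabled" in types:
            findings.append("vba-macro-project-present")
            if name.endswith(MACRO_FREE_EXT):
                findings.append("macro-content-behind-macro-free-extension")
    return findings


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a Word file (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, macros in [("invoice.docx", False), ("invoice.docm", True), ("report.docx", True)]:
        print(fname, "->", triage_attachment(fname, build_sample_ooxml(macros)) or "no findings")
```

A finding is a reason to quarantine or inspect the file further, not proof of malware; many legitimate documents contain macros.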

āš ļø Exam Trap: "Vishing" is voice phishing (phone calls). "Smishing" is SMS phishing (text messages). "Phishing" is email-based. The exam tests your ability to match the channel to the term.

Written by Alvin Varughese
Founder • 15 professional certifications