Cybersecurity Glossary

Abuse Mailbox

These mailboxes are where emails are automatically sent to organizations that have SOAR solutions (i.e., suspicious emails are automatically quarantined here rather than requiring any action by users).

→ Read More

Account Takeover (ATO) 

Most commonly deployed by financially motivated attackers, account takeover occurs when an adversary obtains - either through legal or illegal actions - a person’s legitimate login credentials to a website, server or application, enabling them to commit various types of financial fraud.

→ Read More

Accidental Data Exposure

Advanced Persistent Threat (APT) 

An APT refers to a sophisticated hacker, cybercrime outfit or nation-state exploiting multiple threat vectors, including email, for both reconnaissance and exploitation purposes. The method is commonly used to gain unauthorized access to networks, servers or devices.

→ Read More

Anti-phishing Behavioral Conditioning (APBC)

A specific type of anti-phishing employee training with the goal of educating employees about common types of phishing threats and reducing the number of incidents where an employee takes the bait left out by a threat actor.

Artificial Intelligence

Barrel Phishing

A general phishing tactic that involves two or more separate emails, to steal sensitive information or data from unsuspecting victims. This type of phishing has become increasingly common and is a growing concern for both individuals and organizations.

→ Read More

Brand Indicators for Message Identification (BIMI)

As the newest and least utilized email authentication standard, BIMI intends to reduce fraudulent brand spoofing emails by visualizing a logo as a measure of authenticity. Compliance requires DMARC configuration with active “quarantine” or “reject” policies, a positive sender reputation, and a BIMI Assertion Record.

Brute Force Attacks

Brute force attacks are a type of cyberattack in which a threat actor uses automated software to generate a large number of possible passwords or combinations of characters in an attempt to guess the correct password for a given system or service.  Brute force attacks are often used to target password-protected systems or accounts. The attacker's software will keep trying until the correct password is found.

→ Read More

Business Email Compromise (BEC)

Business email compromise (BEC) is a type of targeted phishing (spear phishing) in which a threat actor either accesses or mimics a genuine business email account to defraud the business. This tactic relies on exploiting the assumed trust that victims have in emails coming from what appear to be genuine sources. Often, these scams target employees working in financial departments or executives who have the power to transfer money from business accounts to bank accounts under the control of the threat actor.

→ Read More

CEO Fraud

CEO fraud (commonly referred to as VIP impersonation and in some cases ‘whaling’) is when an attacker successfully impersonates a company executive in order to gain sensitive information or coerce a financial transaction from targeted executives or employees. According to our research, VIP impersonations penetrate SEGs about 20% of the time.

→ Read More

Clickjacking

Cloud Email

Cloud email is a type of email service that is hosted and managed by a third-party provider. Instead of running their own email servers and software, organizations can use a cloud email service to handle all of their email needs. Cloud email services are typically accessed through a web-based interface, allowing users to access their email from any device with an internet connection. Cloud email services are often preferred over traditional on-premises email solutions because they are more scalable, flexible, and cost-effective.

Common Vulnerabilities and Exposures (CVE)

A list of security vulnerabilities and exposure records that allow companies to better classify, identify and organize phishing threats with the goal of accelerated remediation.

→ Read More

Compliance Monitoring

Compliance monitoring involves the continuous surveillance, review, and analysis of organizational performance and risk indicators to ensure that policies, procedures, and regulatory requirements are followed, thereby safeguarding data, maintaining privacy, and preventing costly violations or interruptions caused by non-compliance.

→ Read More

Clone Phishing

Clone phishing is a type of cyberattack where attackers replicate legitimate emails and modify them to spread malware or steal sensitive information. It involves tricking recipients into believing the cloned emails come from trusted sources, leading them to click on malicious links or attachments.

→ Read More

Computer Vision

An advanced technology that helps to prevent credential harvesting and PII leaks by looking at visual deviations from the norm common with fake web pages. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision provides a critical additional layer of defense since they do not rely on simple pattern-matching technologies.

→ Read More

Content Disarm & Reconstruction (CDR)

A computer security technology that removes malware from code. It is commonly offered as part of a larger email security solution as a bolt-on focused on cloud-based email endpoints.

→ Read More

Credential Harvesting 

A highly common phishing tactic where attackers will attempt to lure a recipient into entering their password or other compromising log-in information, usually via a web page. This is most often deployed via spear phishing.

→ Read More

Credential Stuffing

Credential stuffing is a type of cyberattack in which the attacker uses a list of stolen usernames and passwords to gain unauthorized access to a large number of accounts. The attacker obtains the list of stolen credentials through various means, such as purchasing them on the dark web or scraping them from publicly available data breaches. Once they have the credentials, they use automated tools to try each username and password combination on a target website or service.

→ Read More

Data Breach

A data breach refers to any incident where unauthorized individuals gain access to sensitive or confidential data. This can include personal information like social security numbers, financial data, healthcare records, or corporate information such as customer databases and intellectual property. 

→ Read More

Data Brokers

A data broker, often referred to as an information broker, is a business that collects, aggregates, organizes, and sells or distributes information about individuals to other businesses, organizations, or entities.

→ Read More

Data Leak

A data leak refers to the accidental exposure of sensitive information either at rest or in transit. Data leaks can occur through various avenues, including unprotected databases, misconfigured servers, or human errors like inadvertently sending an email containing confidential data to the wrong recipient.

→ Read More

Data Loss

Data loss encompasses incidents where sensitive data is unintentionally misplaced or stolen through cyberattacks or insider threats. While this definition overlaps with data breaches, data loss also includes scenarios where information cannot be retrieved due to system errors or hardware failures.

→ Read More

Data Loss Prevention (DLP)

A capability of some email security solutions that prevents sensitive information or data from leaving an organization via email. This is a common add-on service offered by email providers such as Microsoft.

→ Read More

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC helps protect a company from unauthorized use of its domain name by malicious actors sending fraudulent emails. It works by evaluating messages that are sent from a particular domain and comparing them to the record published in the DNS by the owner.

→ Read More

Domain Keys Identified Mail (DKIM)

This is an email security standard that uses cryptography to ensure that messages aren’t manipulated between sender and receiver. DKIM helps improve email deliverability rates, while also reducing the frequency of domain spoofing. 

→ Read More

Domain Phishing 

A type of spoofing email in which an attacker sends a malicious message from a fraudulent domain that is an exact match to the spoofed brand’s domain (Example: TimCook@apple.com). These messages are detectable by many anti-phishing technologies since the sender domain can be easily identified as false.

Email Encryption

Email encryption is a security measure that is used to protect the confidentiality of email messages. Encryption is the process of encoding information in such a way that only authorized parties can access it. In the context of email, encryption is used to ensure that only the intended recipient of an email message can read its contents.  Email encryption typically involves the use of a mathematical algorithm to encrypt the contents of the email. The sender and recipient of the email must each have a unique encryption key, which is used to encode and decode the message. When the recipient receives the encrypted email, they use their encryption key to decode the message and read its contents.

→ Read More

Email Security Orchestration, Automation, and Response (M-SOAR)

This solution is commonly deployed by email security companies, including IRONSCALES, with end-to-end security to identify and remediate threats while continuously learning to better improve the process.

Extended Detection and Response (XDR)

Similar to SIEM, XDR solutions aggregate data across endpoints, including antivirus, firewall, and more. Security analysts leverage XDR to provide a full picture of an organization’s threat landscape, which, of course, includes email.

Extortion

Extortion phishing scams leverage scare tactics, including blackmail, threats, or coercion, to intimidate victims into paying a ransom or providing them with a specific service. These types of scams, which are increasing in frequency, often threaten to spread sensitive information such as private photos and videos (whether the attackers actually have this compromising info).

Fake Login Pages

These nefarious, yet often highly realistic-looking website pages, are an increasingly common technique deployed by attackers seeking to obtain a person’s login credentials to a legitimate website in order to harvest personal or company information and commence with illegal activity, such as credit card fraud, identity theft, and more. Adversaries are able to bypass both human and technical controls by exploiting inattentional blindness. Last year we identified more than 200 major brands significantly impacted by fake login pages in the first half of the year.

→ Read More

Financial Fraud 

Similar to credential harvesting, except that instead of trying to get someone to enter their password, the attacker’s goal is to get the recipient of the phishing email to enter compromising info that can later be used to steal money. This can include bank account information, credit card numbers, social security numbers, and more.

Graymail

Graymail is a term used to describe a type of email that is not spam but is not necessarily wanted or expected by the recipient. Examples of graymail include newsletters, promotional emails, and other types of marketing messages. 

→ Read More

Generative AI

Generative AI involves the use of machine learning algorithms to generate novel content by learning from large datasets; it can be applied in various fields, in cybersecurity, generative AI is utilized for defensive purposes to enhance threat detection, response, and security training.

→ Read More

Hidden Text/Zero Font

This technique implements hidden text with a font size of zero within a phishing email. Since a human reader cannot detect the zero-width characters, these malicious emails often appear legitimate to unsuspecting users. Invisible characters are also capable of bypassing legacy email security defenses, which is why the best way to defend against this type of attack is to turn to AI-powered email security tools that use natural language processing and computer vision to detect anomalies.

Honeypot

In cybersecurity, a honeypot is a network-attached system set up as a trap to attract attackers, gather data on their techniques, and divert their attention from real systems, helping organizations enhance their threat intelligence and defensive strategies.

→ Read More

Identity Fabric

Impersonation

A type of spoofing attack, with or without a payload, in which adversaries take on the persona of a colleague, vendor, partner, friend, or family member to achieve a specific objective. Such attacks can be used for quick financial gains or deployed as part of an advanced persistent threat (APT) in which reconnaissance is the main objective.

→ Read More

Impossible Travel

Impossible travel is a cybersecurity anomaly detection method that identifies potential compromises by analyzing user login activities and correlating them with geographical locations, specifically flagging instances where a user's account is accessed from two different countries in a suspiciously short time period.

→ Read More

Indicator of Compromise (IoC)

IoC-focused email defenses are commonly found in SEGs, which rely on technology to identify phishing threats that contain a malicious payload (URL, attachment). However, this technology is ineffective in remediating the rise of social engineering attacks.

→ Read More

Insider Threat

An insider threat can come from a variety of sources, such as a current or former employee, contractor, or business partner who has authorized access to the organization's systems and information. Insider threats can take many forms, such as theft of sensitive information, sabotage of critical systems, or unauthorized access to confidential data. Because insiders already have access to the organization's systems and networks, they can be particularly difficult to detect and prevent.

Integrated Cloud Email Security solution (ICES)

This is where many modern email security solutions sit, including IRONSCALES. While the efficacy and integrated advanced technologies vary, most email security companies claim to offer robust advanced threat capabilities to prevent all types of phishing techniques that would normally breach Secure Email Gateways.

→ Read More

Invoice Fraud

Invoice fraud is a well-coordinated ploy in which an attacker attempts to scam a business into paying a fake invoice–or paying a legitimate invoice to a fake account–by impersonating a vendor or partner. These targeted attempts are less likely to be flagged as spam since they don’t contain links or attachments that are deemed suspicious by most email security filters.

→ Read More

IP Reputation

IP reputation is a measure of the trustworthiness of a particular IP address on the internet. IP addresses are unique numerical labels that are assigned to every device that is connected to the internet. IP reputation is used to determine whether an IP address is known to be used for malicious or fraudulent activity, such as spamming or phishing.

→ Read More

Large Language Model

Large Language Models (LLMs) are advanced deep-learning models that understand and generate text in a human-like fashion, transforming the way computers process and generate language.

→ Read More

Log4j

Machine Learning

Fundamentally, machine learning is the ability of machines to become smarter through experience. Machine learning makes AI possible and uses algorithms to query vast amounts of data, discover patterns and generate insights. In email security, machine learning can automate the task of phishing attack discovery via scanning messages and other proprietary analytics

→ Read More

Malware 

Otherwise known as malicious coded software, malware is commonly deployed via email and is used to disrupt or destroy networks, servers, and devices. Examples of malware include Trojan horses, spyware, adware, and viruses.

Man-In-the-Middle

Man-in-the-middle attacks occur when a threat actor intercepts and alters the communication between two parties without their knowledge. The attacker essentially acts as a "middleman" between the two parties, allowing them to send and receive messages as usual, but secretly modifying the messages to achieve their own ends.

→ Read More

MX Record 

MX record (Mail eXchanger record) is a type of DNS record that specifies the server that is responsible for receiving email for a particular domain. When an email is sent to an address at a specific domain, the sender's email server looks up the MX record for that domain to determine where the email should be delivered. MX records are typically stored in the DNS records for a domain, and they specify the hostname of the server that should be used to deliver email for that domain, as well as a priority value that indicates the order in which servers should be tried if multiple MX records are present.

Natural Language Understanding (NLU)

An emerging advanced technology used in many technology sectors. In email security, it leverages advanced machine learning and neural networks to automatically detect and respond to the most common types of BEC attacks. Importantly, NLU is what allows IRONSCALES to understand both the “what” and the “who” of suspicious messages.

→ Read More

Outbound Email Protection

Pharming

Pharming is a type of cyber-attack in which the attacker redirects traffic from a legitimate website to a fake one to steal sensitive information. Unlike phishing attacks, which rely on tricking individuals into providing their information, pharming attacks use technical means to redirect traffic without the victim's knowledge.

→ Read More

Phishing

Delivered via phone, text, email, or social media, phishing is the oldest yet most prominent tactic in which criminals attempt to trick an unsuspecting recipient into taking an action, such as wiring money. It is estimated that phishing accounts for nearly 90% of all cyberattacks worldwide.

Phishing Button

This is a common feature found across many email security products. The button empowers users who receive a suspicious email to quickly click “spam alert” or “phishing” so that the email is then routed to a phishing mailbox for further investigation.

Phishing Mailboxes

These mailboxes received user/employee-reported email threats.

Phishing Simulation

Phishing simulation testing (PST) is a type of security test that is used to assess an organization's ability to detect and defend against phishing attacks. This test involves sending simulated phishing emails to employees or other users within the organization. The goal is to see how many people click on the malicious links or attachments within the email and how quickly they report it.

→ Read More

Polymorphic Attacks

This phishing technique is when a malicious actor implements slight but significant changes to an email’s artifacts, such as its content, copy, subject line, sender name, or template in conjunction with or after an initial attack has deployed. This strategic approach enables attackers to quickly develop attacks that trick signature-based email security tools that were not built to recognize such modifications to threats. With the ease associated with the development and delivery of polymorphic attacks, it is no surprise that 42% of all phishing attacks are polymorphic.

→ Read More

Pretexting

→ Read More

Quishing

Quishing, short for "QR code phishing," is a cyberattack method where malicious actors use QR codes to deceive users into visiting fraudulent websites, potentially leading to the theft of sensitive information or the distribution of malware.

→ Read More

Ransomware 

An increasingly popular malware strain, ransomware encrypts the victim’s data and then demands a sum of money (to be paid in bitcoin) in order to receive the decryption key. The criminal typically makes a threat to release the victim’s data to the internet and/or dark web if payment isn’t made. The Justice Department reports more than 4,000 ransomware attacks per day in the U.S. alone.

→ Read More

Sandbox

An extremely common solution for a variety of technologies used by engineers and other users can safely test new technologies before they are widely deployed into production. However, sandboxes differ in email security, referring to the isolation of a suspicious URL or attachment in a phishing email. This is particularly useful for zero-day attacks that bypass existing technical defenses.

→ Read More

Secure Email Gateway (SEG)

Some of the most commonly deployed email security solutions, SEGs as identified by Gartner, “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.” So what is the problem with SEGs? IRONSCALES research shows advanced phishing attacks bypass leading SEGs at a nearly 50% clip.

Security Awareness Training (SAT)

Security awareness training is a type of educational program that helps employees and other organizational members to become more aware of security risks and learn how to protect themselves, their work, and the organization from potential attacks.

→ Read More

Security Information and Event Management (SIEM)

Email security solutions often integrate with SIEM tools. The email security tools send logs to the SIEM, which then consolidates logs from all connected security technologies, analyzes the data and then generates alerts for analysis and reporting.

→ Read More

Sender Policy Framework (SPF)

This is a policy that protects against domain spoofing by hardening DNS servers and restricting access to senders. SPF enables Internet Service Providers (ISPs) to verify that a mail server is authorized to send an email from a specific domain. Learn how to setup SPF here.

→ Read More

Simple Mail Transfer Protocol (SMTP)

The purpose of SMTP is to help organizations send and receive emails. While helpful for deliverability, this protocol remains highly vulnerable because it does not encrypt or authenticate messages.

→ Read More

Single Sign-On (SSO)

Single sign-on (SSO) is a user authentication process that permits a user to enter one set of credentials (e.g. username and password) to access multiple applications or systems. In most cases, SSO uses an identity provider (IdP), which is a service that authenticates users and provides them with the necessary credentials to access different systems.

Smishing 

Delivered via SMS, smishing text messages are phishing attack techniques containing malicious URLs that attempt to lure recipients into visiting risky websites, downloading malware onto their mobile devices, or sharing login credentials. These text messages can sometimes appear to be from trusted senders, such as banks and online retailers, making them a real threat to people who are only accustomed to looking for phishing attempts via email attacks.

→ Read More

Social Engineering 

Growing in popularity, social engineering occurs when an attacker uses psychological manipulation to trick a person or company into taking an action, such as providing login credentials, paying a fraudulent invoice or sharing personally identifiable information (PII), such as a social security number. According to Verizon, social engineering now occurs in almost 60% of phishing attacks.

→ Read More

Spam 

These junk and unsolicited email messages have historically been more annoying than risky. However, spam is increasingly viewed as a cybersecurity threat due to inattentional blindness, which occurs when individuals fail to perceive an unexpected change in plain sight.

→ Read More

Spam Mailbox

These mailboxes are commonly found in most email clients as “spam” folders where junk and/or spam email is automatically routed.

Spear Phishing 

The main difference between phishing and spear phishing is that spear phishing targets specific people and/or organizations with an ask to complete a specific task, such as downloading an attachment or clicking on a link, while phishing is often distributed at random to widespread audiences. Oftentimes, engaging with the payload enables adversaries to access the information needed to institute a major cyberattack. 

→ Read More

Spoofing

Email spoofing occurs when an attacker sends a malicious message with a false sender address to steal personal information, infect computers with malware, or leverage extortion to steal money. There are four primary types of spoofing attacks, including exact sender name impersonations (the most common), similar sender name impersonations, look-alike/cousin domain spoofing, and exact domain spoofs.

→ Read More

Spyware 

Spyware is a type of malicious software that surreptitiously gains access to computer and mobile devices, stealthily capturing users' personal information and activities, which it then transmits to third parties without their knowledge or consent, posing serious privacy and security risks.

→ Read More

Threat Assessment

→ Read More

Threat Exposure Management

Typosquatting

Also known as URL hijacking, typosquatting preys on inattentional blindness by leveraging small deviations in domain names to lure them into visiting malicious websites. These deviations include scrambled letters, wrong domain endings, and other typographical errors that can easily lure victims to fake websites and fake login pages. Once lured, typosquatters have an easy opportunity to harvest personal and financial information to make quick money.

→ Read More

Two-factor Authentication & Multi-Factor Authentication

Two-factor authentication (2FA) is an additional layer of security that can be used to protect sensitive data and systems. 2FA requires users to provide two different pieces of information in order to gain access, such as a password and a one-time code generated by a mobile app.

Multi-factor authentication (MFA) is similar to 2FA, but often requires three or more different pieces of information to gain access. MFA is often used for high-security systems or data, such as financial accounts.

Unicode Domain Phishing

As a result of the internationalization of the World Wide Web and the rise of internationalized domain names (IDNs), cybercriminals can exploit Unicode domains to make dangerous websites appear safe and authentic. Unicode domain phishing replaces characters in the domain with similar characters from a foreign language, allowing the fraudulent website to bypass web browser protections and legacy email security tools.

Vendor Email Compromise (VEC)

Vendor Email Compromise (VEC), sometimes referred to as Vendor Impersonation or Vendor Spoofing, begins with an attacker gaining access to the vendor’s email, or impersonating them, in a targeted attack on their customers.

→ Read More

Vishing

This type of phishing attack technique tricks victims into giving up sensitive personal information over the phone, such as credit card numbers and passwords. By relying on social engineering to prey on human emotions such as greed or fear, unsuspecting victims can easily be duped into giving attackers exactly what they’re looking for. The FBI has reported that vishing techniques are increasing with great frequency.

→ Read More

Watering Hole Attacks

Watering Hole Attacks involve hackers exploiting vulnerabilities in popular websites to inject malware, tricking users into visiting compromised sites, and covertly infecting their computers, enabling the attackers to infiltrate targeted organizations' networks.

→ Read More

Whaling

Directed at senior executives at mostly large corporations, Whaling attacks are targeted spear-phishing campaigns aimed at tricking high-level executives and organizational leaders into sharing confidential or proprietary information that can be used for financial fraud and other forms of exploitation.

→ Read More

Zero Trust