Cybersecurity Glossary

Abuse Mailbox

In organizations that run SOAR solutions, these are the mailboxes to which suspicious emails are automatically sent and quarantined, so that no action is required from users.

Account Takeover (ATO)

Most commonly deployed by financially motivated attackers, account takeover occurs when an adversary obtains - either through legal or illegal actions - a person’s legitimate login credentials to a website, server or application, enabling them to commit various types of financial fraud. 

Advanced Persistent Threat (APT)

An APT refers to a sophisticated hacker, cybercrime outfit or nation-state exploiting multiple threat vectors, including email, for both reconnaissance and exploitation purposes. The method is commonly used to gain unauthorized access to networks, servers or devices.

Anti-phishing behavioral conditioning (APBC)

A specific type of anti-phishing employee training with the goal of educating employees about common types of phishing threats and reducing the number of incidents where an employee takes the bait left out by a threat actor.

Brand Indicators for Message Identification (BIMI)

As the newest and least utilized email authentication standard, BIMI aims to reduce fraudulent brand-spoofing emails by displaying the brand’s logo as a measure of authenticity. Compliance requires a DMARC configuration with an active “quarantine” or “reject” policy, a positive sender reputation, and a BIMI Assertion Record.

Business Email Compromise (BEC)

Business email compromise (BEC) is a type of targeted phishing (spear phishing) in which a threat actor either accesses or mimics a genuine business email account to defraud the business. This tactic relies on exploiting the assumed trust that victims have in emails coming from what appear to be genuine sources. Often, these scams target employees working in financial departments or executives who have the power to transfer money from business accounts to bank accounts under the control of the threat actor.

CEO Fraud

CEO fraud (commonly referred to as executive phishing or ‘whaling’) is when an attacker successfully impersonates a company executive in order to gain sensitive information or coerce a financial transaction from targeted executives or employees. 

Common Vulnerabilities and Exposures (CVE)

A list of records of known security vulnerabilities and exposures that allows companies to better classify, identify and organize phishing threats, with the goal of accelerated remediation.

Computer Vision

An advanced technology that helps to prevent credential harvesting and PII leaks by looking for the visual deviations from the norm that are common in fake web pages. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision provides a critical additional layer of defense, since it does not rely on simple pattern-matching technologies.

Content Disarm & Reconstruction (CDR)

A computer security technology that strips potentially malicious code from files before they are delivered. It is commonly offered as a bolt-on to a larger email security solution, focused on cloud-based email endpoints.

Credential Harvesting

A highly common phishing tactic in which attackers attempt to lure a recipient into entering their password or other compromising login information, usually via a web page. It is most often deployed via spear phishing.

Data Loss Prevention (DLP)

A capability of some email security solutions that prevents sensitive information or data from leaving an organization via email. This is a common add-on service offered by email providers such as Microsoft.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC helps protect a company from unauthorized use of its domain name by malicious actors sending fraudulent emails. It works by evaluating messages that are sent from a particular domain and comparing them to the record published in the DNS by the owner.

DomainKeys Identified Mail (DKIM)

This is an email security standard that uses cryptography to ensure that messages aren’t manipulated between sender and receiver. DKIM helps improve email deliverability rates, while also reducing the frequency of domain spoofing. 

Domain Phishing

A type of spoofing email in which an attacker sends a malicious message from a fraudulent domain that is an exact match to the spoofed brand’s domain (Example: TimCook@apple.com). These messages are detectable by many anti-phishing technologies since the sender domain can be easily identified as false.

Email Security Orchestration, Automation, and Response (M-SOAR)

A solution offered by email security companies, including IRONSCALES, that provides end-to-end security to identify and remediate email threats while continuously learning to improve the process.

Extended Detection and Response (XDR)

Similar to SIEM, XDR solutions aggregate data across endpoints, including antivirus, firewall, and more. Security analysts leverage XDR to provide a full picture of an organization’s threat landscape, which, of course, includes email.

Extortion

Extortion phishing scams leverage scare tactics, including blackmail, threats, or coercion, to intimidate victims into paying a ransom or providing a specific service. These scams, which are increasing in frequency, often threaten to spread sensitive information such as private photos and videos (whether or not the attackers actually have this compromising information).

Fake login pages

These nefarious, yet often highly realistic-looking web pages are an increasingly common technique deployed by attackers seeking to obtain a person’s login credentials to a legitimate website in order to harvest personal or company information and commence illegal activity, such as credit card fraud, identity theft and more. Adversaries are able to bypass both human and technical controls by exploiting inattentional blindness. Last year we identified more than 200 major brands significantly impacted by fake login pages in the first half of the year.

Financial Fraud

Similar to credential harvesting, except that instead of trying to get someone to enter their password, the attacker’s goal is to get the recipient of the phishing email to enter compromising info that can later be used to steal money. This can include bank account information, credit card numbers, social security numbers, and more. 

Hidden Text/Zero font

This technique implements hidden text with a font size of zero within a phishing email. Since a human reader cannot detect the zero-width characters, these malicious emails often appear legitimate to unsuspecting users. Invisible characters are also capable of bypassing legacy email security defenses, which is why the best way to defend against this type of attack is to turn to AI-powered email security tools that use natural language processing and computer vision to detect anomalies.
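
As an added illustration (not code from the original glossary), the scanner below separates the text a recipient would see from text hidden by a zero font size or similar inline styles, so the hidden part can be scored on its own; the sample message body, `HIDE_RE` and `scan_html` are constructed for this example.

```python
import re
from html.parser import HTMLParser

# Inline styles that make text invisible to the reader. Anchored with (;|$) so
# that "font-size:0.5em" is not mistaken for a zero font size.
HIDE_RE = re.compile(
    r"font-size\s*:\s*0+(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|$)"
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}

class HiddenTextScanner(HTMLParser):
    """Split an HTML body into the text a recipient sees and the text hidden
    by zero font size or similar inline styles. Only inline `style` attributes
    are inspected; classes defined in <style> blocks are out of scope here."""
    def __init__(self):
        super().__init__()
        self.stack = []            # (tag, hides) for each open element
        self.hidden_depth = 0      # > 0 while inside a hidden element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        hides = bool(HIDE_RE.search(dict(attrs).get("style") or ""))
        self.stack.append((tag, hides))
        self.hidden_depth += hides

    def handle_endtag(self, tag):
        # Pop to the matching open tag; tolerates unclosed <p>/<li> in email HTML.
        while self.stack:
            open_tag, hides = self.stack.pop()
            self.hidden_depth -= hides
            if open_tag == tag:
                break

    def handle_data(self, data):
        (self.hidden if self.hidden_depth else self.visible).append(data)

def scan_html(html):
    """Return the visible text, the hidden text and the share of hidden characters."""
    p = HiddenTextScanner()
    p.feed(html)
    p.close()
    visible = " ".join("".join(p.visible).split())
    hidden = " ".join(" ".join(p.hidden).split())
    total = len(visible) + len(hidden)
    return {"visible": visible, "hidden": hidden,
            "hidden_ratio": len(hidden) / total if total else 0.0}

# Constructed sample of a message body that uses the zero-font technique.
SAMPLE = ('<p>Your <span style="font-size:0">xq</span>invoice is <b>over</b>due.\n'
          '<span style="font-size: 0px; color:#fff">lorem ipsum verification ignore</span>\n'
          'Please review <a href="https://example.test/doc">the document</a>.</p>')
```

A filter can then run its keyword and language analysis on the visible text alone and treat a high hidden ratio as an anomaly in its own right.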

Impersonation

A type of spoofing attack, with or without a payload, in which adversaries take on the persona of a colleague, vendor, partner, friend, or family member to achieve a specific objective. Such attacks can be used for quick financial gains or deployed as part of an advanced persistent threat (APT) in which reconnaissance is the main objective.

Indicator of Compromise (IoC)

IoC-focused email defenses are commonly found in SEGs, which rely on technology to identify phishing threats that contain a malicious payload (URL, attachment). However, this technology is ineffective in remediating the rise of social engineering attacks.

Integrated Cloud Email Security solution (ICES)

This is where many modern email security solutions sit, including IRONSCALES. While the efficacy and integrated advanced technologies vary, most email security companies claim to offer robust advanced threat capabilities to prevent all types of phishing techniques that would normally breach Secure Email Gateways.

Invoice Fraud

Invoice fraud is a well-coordinated ploy in which an attacker attempts to scam a business into paying a fake invoice, or paying a legitimate invoice to a fake account, by impersonating a vendor or partner. These targeted attempts are less likely to be flagged as spam since they don’t contain links or attachments that most email security filters deem suspicious.

Machine Learning

Fundamentally, machine learning is the ability for machines to become smarter through experience. Machine learning makes AI possible and uses algorithms to query vast amounts of data, discover patterns and generate insights. In email security, machine learning can automate the task of phishing attack discovery via scanning messages and other proprietary analytics.

Malware

Short for malicious software, malware is commonly delivered via email and is used to disrupt or destroy networks, servers, and devices. Examples of malware include Trojan horses, spyware, adware, and viruses.

Natural Language Understanding (NLU)

An emerging advanced technology used in many technology sectors. In email security, it leverages advanced machine learning and neural networks to automatically detect and respond to the most common types of BEC attacks. Importantly, NLU is what allows IRONSCALES to understand both the “what” and the “who” of suspicious messages. 

Phishing

Delivered via phone, text, email, or social media, phishing is the oldest yet most prominent tactic in which criminals attempt to trick an unsuspecting recipient into taking an action, such as wiring money. It is estimated that phishing accounts for nearly 90% of all cyberattacks worldwide.

Phishing Button

This is a common feature found across many email security products. The button empowers users who receive a suspicious email to quickly click “spam alert” or “phishing” so that the email is then routed to a phishing mailbox for further investigation.

Phishing Mailboxes

These mailboxes receive user- and employee-reported email threats.

Phishing Simulation Testing (PST)

Phishing simulation testing is a type of security test that is used to assess an organization's ability to detect and defend against phishing attacks. This test involves sending simulated phishing emails to employees or other users within the organization. The goal is to see how many people click on the malicious links or attachments within the email and how quickly they report it.

Polymorphic Attacks

This phishing technique is when a malicious actor implements slight but significant changes to an email’s artifacts, such as its content, copy, subject line, sender name, or template in conjunction with or after an initial attack has deployed. This strategic approach enables attackers to quickly develop attacks that trick signature-based email security tools that were not built to recognize such modifications to threats. With the ease associated with the development and delivery of polymorphic attacks, it is no surprise that 42% of all phishing attacks are polymorphic.

Ransomware

An increasingly popular malware strain, ransomware encrypts the victim’s data and then demands a sum of money (to be paid in bitcoin) in order to receive the decryption key. The criminal typically makes a threat to release the victim’s data to the internet and/or dark web if payment isn’t made. The Justice Department reports more than 4,000 ransomware attacks per day in the U.S. alone.

Sandbox

Across many areas of technology, a sandbox is an extremely common solution: an isolated environment in which engineers and other users can safely test new technologies before they are widely deployed into production. In email security, however, a sandbox refers to the isolation of a suspicious URL or attachment from a phishing email so that it can be examined without risk. This is particularly useful for zero-day attacks that bypass existing technical defenses.

Spam

These junk and unsolicited email messages have historically been more annoying than risky. However, spam is increasingly viewed as a cybersecurity threat due to inattentional blindness, which occurs when individuals fail to perceive an unexpected change in plain sight.

Secure Email Gateway (SEG)

Among the most commonly deployed email security solutions, SEGs, as identified by Gartner, “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.” So what is the problem with SEGs? IRONSCALES research shows advanced phishing attacks bypass leading SEGs at a nearly 50% clip.

Security Awareness Training (SAT)

Security awareness training is a type of educational program that helps employees and other organizational members to become more aware of security risks and learn how to protect themselves, their work, and the organization from potential attacks.

Security Information and Event Management (SIEM)

Email security solutions often integrate with SIEM tools. The email security tools send logs to the SIEM, which then consolidates logs from all connected security technologies, analyzes the data and then generates alerts for analysis and reporting.

Sender Policy Framework (SPF)

This is a policy, published by the domain owner as a DNS record, that protects against domain spoofing by restricting which servers may send mail for the domain. SPF enables Internet Service Providers (ISPs) to verify that a mail server is authorized to send an email from a specific domain.

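
The SPF and DMARC entries above both describe a receiver checking a sender against records the domain owner publishes in DNS. The Python below, added here and not part of the original page, works that check through on a constructed zone: `spf_result` evaluates an SPF record for a connecting IP, and `dmarc_check` applies the DMARC policy and alignment mode; the `TXT` records and function names are assumptions for this example.

```python
import ipaddress

# Constructed TXT records for a hypothetical zone (not real DNS data); a real
# checker would look these up in DNS. Embedded here so the example runs offline.
TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all"],
    "mail.example.net": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=s; aspf=r"],
}
VERDICT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `ip`.
    Handles ip4/ip6/include/all, the mechanisms found in most records."""
    if depth > 10:
        return "permerror"      # nested includes exceed the RFC 7208 lookup limit
    record = next((r for r in TXT.get(domain, []) if r.startswith("v=spf1")), None)
    if record is None:
        return "none"           # no SPF record: nothing to verify against
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in VERDICT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return VERDICT[qual]
        if mech == "include" and spf_result(ip, arg, depth + 1) == "pass":
            return VERDICT[qual]
        if mech == "all":
            return VERDICT[qual]
    return "neutral"            # no mechanism matched and no `all` term

def org_domain(domain):
    """Simplified organizational domain: the last two labels (no public-suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_check(from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Apply the DMARC record of the visible From: domain. Each *_pass_domain is
    the domain that produced an SPF or DKIM pass, or None. Returns (aligned,
    policy); a message that is not aligned is subject to `policy`."""
    key = "_dmarc." + from_domain.lower()
    record = next((r for r in TXT.get(key, []) if r.startswith("v=DMARC1")), None)
    if record is None:
        return (False, "none")  # no DMARC record: receivers enforce nothing
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)

    def aligned(auth_domain, mode):
        if not auth_domain:
            return False
        if mode == "s":         # strict alignment: exact match required
            return auth_domain.lower() == from_domain.lower()
        return org_domain(auth_domain) == org_domain(from_domain)   # relaxed

    ok = (aligned(spf_pass_domain, tags.get("aspf", "r"))
          or aligned(dkim_pass_domain, tags.get("adkim", "r")))
    return (ok, tags.get("p", "none"))
```

A message claiming example.com from an address outside the listed ranges gets an SPF fail, produces no aligned pass, and therefore falls under the published p=reject policy.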
Simple Mail Transfer Protocol (SMTP)

The purpose of SMTP is to help organizations send and receive emails. While helpful for deliverability, this protocol remains highly vulnerable because it does not encrypt or authenticate messages.

Single Sign-On (SSO)

Single sign-on (SSO) is a user authentication process that permits a user to enter one set of credentials (e.g. username and password) to access multiple applications or systems. In most cases, SSO uses an identity provider (IdP), which is a service that authenticates users and provides them with the necessary credentials to access different systems.

Smishing

Delivered via SMS, smishing text messages are phishing attack techniques containing malicious URLs that attempt to lure recipients into visiting risky websites, downloading malware onto their mobile devices, or sharing login credentials. These text messages can sometimes appear to be from trusted senders, such as banks and online retailers, making them a real threat to people who are only accustomed to looking for phishing attempts via email attacks.

Social Engineering

Growing in popularity, social engineering occurs when an attacker uses psychological manipulation to trick a person or company into taking an action, such as providing login credentials, paying a fraudulent invoice or sharing personally identifiable information (PII), such as a social security number. According to Verizon, social engineering now occurs in almost 60% of phishing attacks.

Spam Mailbox

These mailboxes are commonly found in most email clients as “spam” folders where junk and/or spam email is automatically routed.

Spear phishing

The main difference between phishing and spear phishing is that spear phishing targets specific people and/or organizations with an ask to complete a specific task, such as downloading an attachment or clicking on a link, while phishing is often distributed at random to widespread audiences. Oftentimes, engaging with the payload enables adversaries to access the information needed to institute a major cyberattack. 

Spoofing

Email spoofing occurs when an attacker sends a malicious message with a false sender address to steal personal information, infect computers with malware, or leverage extortion to steal money. There are four primary types of spoofing attacks, including exact sender name impersonations (the most common), similar sender name impersonations, look-alike/cousin domain spoofing, and exact domain spoofs.

Typosquatting

Also known as URL hijacking, typosquatting preys on inattentional blindness by leveraging small deviations in domain names to lure victims into visiting malicious websites. These deviations include scrambled letters, wrong domain endings, and other typographical errors that can easily lure victims to fake websites and fake login pages. Once a victim is lured, typosquatters have an easy opportunity to harvest personal and financial information to make quick money.

Two-factor Authentication & Multi-Factor Authentication

Two-factor authentication (2FA) is an additional layer of security that can be used to protect sensitive data and systems. 2FA requires users to provide two different pieces of information in order to gain access, such as a password and a one-time code generated by a mobile app.

Multi-factor authentication (MFA) is similar to 2FA, but often requires three or more different pieces of information to gain access. MFA is often used for high-security systems or data, such as financial accounts.

Unicode Domain Phishing

As a result of the internationalization of the World Wide Web and the rise of internationalized domain names (IDNs), cybercriminals can exploit Unicode domains to make dangerous websites appear safe and authentic. Unicode domain phishing replaces characters in the domain with similar characters from a foreign language, allowing the fraudulent website to bypass web browser protections and legacy email security tools.
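
Covering both the Typosquatting and Unicode Domain Phishing entries, this added example (not from the original page) flags domains that deviate from a protected brand by a typo, a wrong ending, or a confusable non-Latin character; the brand list and the small `CONFUSABLES` table are constructed for the example, and the second-level-label logic is deliberately simplified.

```python
import unicodedata

PROTECTED = ["apple.com", "microsoft.com", "paypal.com"]   # constructed brand list

# Constructed subset of lookalike characters mapped to the Latin letters they
# resemble; the authoritative list is Unicode TR39's confusables.txt.
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
               "і": "i", "ӏ": "l", "ο": "o", "ν": "v", "0": "o", "1": "l"}

def skeleton(label):
    """Reduce a label to the Latin string a reader would perceive."""
    decomposed = unicodedata.normalize("NFKD", label)   # fullwidth/accented -> base
    return "".join(CONFUSABLES.get(c, c) for c in decomposed
                   if not unicodedata.combining(c))

def scripts_in(label):
    """Unicode scripts used by the letters of a label, e.g. {LATIN, CYRILLIC}."""
    return {unicodedata.name(c, "?").split()[0] for c in label if c.isalpha()}

def levenshtein(a, b):
    """Edit distance, which catches typo-style deviations such as micorsoft."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_findings(domain, brands=PROTECTED, max_distance=2):
    """List the reasons `domain` resembles a protected brand ([] when clean)."""
    domain = domain.lower().rstrip(".")
    if domain in brands:
        return []                                   # the genuine brand domain
    findings = []
    ascii_form = domain.encode("idna").decode("ascii")
    if ascii_form != domain:
        findings.append("idn:" + ascii_form)        # IDN label; browsers may show punycode
    labels = domain.split(".")
    for label in labels:
        if len(scripts_in(label)) > 1:
            findings.append("mixed-script:" + label)
    if len(labels) >= 2:
        sld = skeleton(labels[-2])                  # second-level label, simplified
        for brand in brands:
            dist = levenshtein(sld, brand.split(".")[0])
            if dist <= max_distance:
                findings.append(f"near:{brand}:{dist}")
    return findings
```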

Vishing

This type of phishing attack technique tricks victims into giving up sensitive personal information over the phone, such as credit card numbers and passwords. By relying on social engineering to prey on human emotions such as greed or fear, attackers can easily dupe unsuspecting victims into giving them exactly what they’re looking for. The FBI has reported that vishing techniques are increasing with great frequency.

Whaling/VIP Impersonation

Directed at senior executives at mostly large corporations, Whaling/VIP Impersonation attacks are targeted spear-phishing campaigns aimed at tricking high-level executives and organizational leaders into sharing confidential or proprietary information that can be used for financial fraud and other forms of exploitation. According to our research, VIP impersonations penetrate SEGs about 20% of the time.
