Cybersecurity Glossary

Abuse Mailbox

In organizations that have SOAR solutions, these are the mailboxes to which suspicious emails are automatically sent (i.e., suspicious emails are automatically quarantined here rather than requiring any action by users).

Account Takeover (ATO)

Most commonly deployed by financially motivated attackers, account takeover occurs when an adversary obtains - either through legal or illegal actions - a person’s legitimate login credentials to a website, server or application, enabling them to commit various types of financial fraud.

Accidental Data Exposure

Accidental data exposure occurs when sensitive information becomes accessible to those not meant to see it, often due to oversight or errors. Unlike deliberate data breaches, this exposure happens without malicious intent, typically stemming from human mistakes or system misconfigurations.

Advanced Persistent Threat (APT)

An APT refers to a sophisticated hacker, cybercrime outfit or nation-state exploiting multiple threat vectors, including email, for both reconnaissance and exploitation purposes. The method is commonly used to gain unauthorized access to networks, servers or devices.


AI TRiSM

AI TRiSM (trust, risk, security management) is a framework to manage the risks of using AI. It ensures trustworthy, fair, and reliable AI systems that protect data with techniques to improve interpretability, explainability, and resilience against attacks.

Anti-phishing Behavioral Conditioning (APBC)

A specific type of anti-phishing employee training with the goal of educating employees about common types of phishing threats and reducing the number of incidents where an employee takes the bait left out by a threat actor.

Artificial Intelligence

AI in cybersecurity involves the application of artificial intelligence and machine learning algorithms to analyze vast amounts of data, detect patterns, and identify potential security threats in real-time, enabling organizations to proactively defend against cyber attacks and mitigate risks. It enables automated incident response, behavioral analysis, and adaptive defense mechanisms to protect sensitive information and strengthen overall cybersecurity posture.

Barrel Phishing

A general phishing tactic that uses two or more separate emails to steal sensitive information or data from unsuspecting victims. This type of phishing has become increasingly common and is a growing concern for both individuals and organizations.

Brand Indicators for Message Identification (BIMI)

As the newest and least utilized email authentication standard, BIMI intends to reduce fraudulent brand spoofing emails by visualizing a logo as a measure of authenticity. Compliance requires DMARC configuration with active “quarantine” or “reject” policies, a positive sender reputation, and a BIMI Assertion Record.

Brute Force Attacks

Brute force attacks are a type of cyberattack in which a threat actor uses automated software to generate a large number of possible passwords or combinations of characters in an attempt to guess the correct password for a given system or service.  Brute force attacks are often used to target password-protected systems or accounts. The attacker's software will keep trying until the correct password is found.

Business Email Compromise (BEC)

Business email compromise (BEC) is a type of targeted phishing (spear phishing) in which a threat actor either accesses or mimics a genuine business email account to defraud the business. This tactic relies on exploiting the assumed trust that victims have in emails coming from what appear to be genuine sources. Often, these scams target employees working in financial departments or executives who have the power to transfer money from business accounts to bank accounts under the control of the threat actor.

CEO Fraud

CEO fraud (commonly referred to as VIP impersonation and in some cases ‘whaling’) is when an attacker successfully impersonates a company executive in order to gain sensitive information or coerce a financial transaction from targeted executives or employees. According to our research, VIP impersonations penetrate SEGs about 20% of the time.


Clickjacking

Clickjacking is a malicious technique that involves overlaying invisible or disguised elements on a webpage, causing users to interact with hidden content or functionalities without their knowledge or consent, potentially leading to harmful consequences or unauthorized actions.

Clone Phishing

Clone phishing is a type of cyberattack where attackers replicate legitimate emails and modify them to spread malware or steal sensitive information. It involves tricking recipients into believing the cloned emails come from trusted sources, leading them to click on malicious links or attachments.

Cloud Email

Cloud email is a type of email service that is hosted and managed by a third-party provider. Instead of running their own email servers and software, organizations can use a cloud email service to handle all of their email needs. Cloud email services are typically accessed through a web-based interface, allowing users to access their email from any device with an internet connection. Cloud email services are often preferred over traditional on-premises email solutions because they are more scalable, flexible, and cost-effective.

Common Vulnerabilities and Exposures (CVE)

A list of security vulnerabilities and exposure records that allow companies to better classify, identify and organize phishing threats with the goal of accelerated remediation.

Compliance Monitoring

Compliance monitoring involves the continuous surveillance, review, and analysis of organizational performance and risk indicators to ensure that policies, procedures, and regulatory requirements are followed, thereby safeguarding data, maintaining privacy, and preventing costly violations or interruptions caused by non-compliance.

Computer Vision

An advanced technology that helps to prevent credential harvesting and PII leaks by looking at visual deviations from the norm common with fake web pages. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision provides a critical additional layer of defense since it does not rely on simple pattern-matching technologies.

Consent Phishing

Consent phishing is a targeted attack that deceives users into granting excessive permissions to malicious third-party applications, allowing attackers to access sensitive data.

Content Disarm & Reconstruction (CDR)

A computer security technology that removes malware from code. It is commonly offered as part of a larger email security solution as a bolt-on focused on cloud-based email endpoints.

Conversation Overflow

Conversation Overflow is a cyber attack that uses hidden text in harmless-looking emails to fool AI and machine learning algorithms in email security solutions, allowing hackers to infiltrate corporate networks and pose a significant threat to organizations worldwide.

Credential Harvesting

A highly common phishing tactic where attackers will attempt to lure a recipient into entering their password or other compromising log-in information, usually via a web page. This is most often deployed via spear phishing.

Credential Stuffing

Credential stuffing is a type of cyberattack in which the attacker uses a list of stolen usernames and passwords to gain unauthorized access to a large number of accounts. The attacker obtains the list of stolen credentials through various means, such as purchasing them on the dark web or scraping them from publicly available data breaches. Once they have the credentials, they use automated tools to try each username and password combination on a target website or service.

Data Breach

A data breach refers to any incident where unauthorized individuals gain access to sensitive or confidential data. This can include personal information like social security numbers, financial data, healthcare records, or corporate information such as customer databases and intellectual property. 

Data Brokers

A data broker, often referred to as an information broker, is a business that collects, aggregates, organizes, and sells or distributes information about individuals to other businesses, organizations, or entities.

Data Leak

A data leak refers to the accidental exposure of sensitive information either at rest or in transit. Data leaks can occur through various avenues, including unprotected databases, misconfigured servers, or human errors like inadvertently sending an email containing confidential data to the wrong recipient.

Data Loss

Data loss encompasses incidents where sensitive data is unintentionally misplaced or stolen through cyberattacks or insider threats. While this definition overlaps with data breaches, data loss also includes scenarios where information cannot be retrieved due to system errors or hardware failures.

Data Loss Prevention (DLP)

A capability of some email security solutions that prevents sensitive information or data from leaving an organization via email. This is a common add-on service offered by email providers such as Microsoft.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC helps protect a company from unauthorized use of its domain name by malicious actors sending fraudulent emails. It works by evaluating messages that are sent from a particular domain and comparing them to the record published in the DNS by the owner.

Domain Keys Identified Mail (DKIM)

This is an email security standard that uses cryptography to ensure that messages aren’t manipulated between sender and receiver. DKIM helps improve email deliverability rates, while also reducing the frequency of domain spoofing. 

Domain Phishing

A type of spoofing email in which an attacker sends a malicious message from a fraudulent domain that is an exact match to the spoofed brand’s domain (Example: TimCook@apple.com). These messages are detectable by many anti-phishing technologies since the sender domain can be easily identified as false.

Email Encryption

Email encryption is a security measure that is used to protect the confidentiality of email messages. Encryption is the process of encoding information in such a way that only authorized parties can access it. In the context of email, encryption is used to ensure that only the intended recipient of an email message can read its contents.  Email encryption typically involves the use of a mathematical algorithm to encrypt the contents of the email. The sender and recipient of the email must each have a unique encryption key, which is used to encode and decode the message. When the recipient receives the encrypted email, they use their encryption key to decode the message and read its contents.

Email Security Orchestration, Automation, and Response (M-SOAR)

This solution is commonly deployed by email security companies, including IRONSCALES, with end-to-end security to identify and remediate threats while continuously learning to better improve the process.

Extended Detection and Response (XDR)

Similar to SIEM, XDR solutions aggregate data across endpoints, including antivirus, firewall, and more. Security analysts leverage XDR to provide a full picture of an organization’s threat landscape, which, of course, includes email.


Extortion phishing scams leverage scare tactics, including blackmail, threats, or coercion, to intimidate victims into paying a ransom or providing the attackers with a specific service. These types of scams, which are increasing in frequency, often threaten to spread sensitive information such as private photos and videos (whether or not the attackers actually have this compromising info).

Fake Login Pages

These nefarious, yet often highly realistic-looking website pages, are an increasingly common technique deployed by attackers seeking to obtain a person’s login credentials to a legitimate website in order to harvest personal or company information and commence with illegal activity, such as credit card fraud, identity theft, and more. Adversaries are able to bypass both human and technical controls by exploiting inattentional blindness. Last year we identified more than 200 major brands significantly impacted by fake login pages in the first half of the year.

Financial Fraud

Similar to credential harvesting, except that instead of trying to get someone to enter their password, the attacker’s goal is to get the recipient of the phishing email to enter compromising info that can later be used to steal money. This can include bank account information, credit card numbers, social security numbers, and more.


Graymail

Graymail is a term used to describe a type of email that is not spam but is not necessarily wanted or expected by the recipient. Examples of graymail include newsletters, promotional emails, and other types of marketing messages.

Generative AI

Generative AI involves the use of machine learning algorithms to generate novel content by learning from large datasets. It can be applied in various fields; in cybersecurity, generative AI is utilized for defensive purposes to enhance threat detection, response, and security training.

Hidden Text/Zero Font

This technique implements hidden text with a font size of zero within a phishing email. Since a human reader cannot detect the zero-width characters, these malicious emails often appear legitimate to unsuspecting users. Invisible characters are also capable of bypassing legacy email security defenses, which is why the best way to defend against this type of attack is to turn to AI-powered email security tools that use natural language processing and computer vision to detect anomalies.


Honeypot

In cybersecurity, a honeypot is a network-attached system set up as a trap to attract attackers, gather data on their techniques, and divert their attention from real systems, helping organizations enhance their threat intelligence and defensive strategies.

HTML Smuggling

HTML Smuggling involves leveraging HTML5 and JavaScript to dynamically create a blob (Binary Large Object) containing the malicious payload. This blob is then converted into a downloadable file using HTML5 APIs.

Identity Fabric

Identity Fabric is a deployment architecture that enables individuals to securely utilize their personal identities across multiple online platforms, allowing for seamless authentication and access, while providing organizations with a unified framework for identity management and control. It ensures consistent identity and access policies across diverse cloud environments and mitigates the risks associated with identity fragmentation and vendor lock-in.

Image-Based Phishing Attacks

Image-based phishing attacks use images instead of words to mimic authentic emails, slipping past the usual security measures that scan for malicious intent in text-based email attacks. In these attacks, the bulk, or sometimes all, of an email's content is made up of images. This approach exploits a weak spot in traditional email security systems, which are not engineered to analyze images for threats, including harmful links, QR Codes, and signs of phishing. By relying on visuals, these attackers sidestep the common text-based checks, making it tougher for security protocols to detect.


A type of spoofing attack, with or without a payload, in which adversaries take on the persona of a colleague, vendor, partner, friend, or family member to achieve a specific objective. Such attacks can be used for quick financial gains or deployed as part of an advanced persistent threat (APT) in which reconnaissance is the main objective.

Impossible Travel

Impossible travel is a cybersecurity anomaly detection method that identifies potential compromises by analyzing user login activities and correlating them with geographical locations, specifically flagging instances where a user's account is accessed from two different countries in a suspiciously short time period.

Indicator of Compromise (IoC)

IoC-focused email defenses are commonly found in SEGs, which rely on technology to identify phishing threats that contain a malicious payload (URL, attachment). However, this technology is ineffective in remediating the rise of social engineering attacks.

Insider Threat

An insider threat can come from a variety of sources, such as a current or former employee, contractor, or business partner who has authorized access to the organization's systems and information. Insider threats can take many forms, such as theft of sensitive information, sabotage of critical systems, or unauthorized access to confidential data. Because insiders already have access to the organization's systems and networks, they can be particularly difficult to detect and prevent.

Integrated Cloud Email Security solution (ICES)

This is where many modern email security solutions sit, including IRONSCALES. While the efficacy and integrated advanced technologies vary, most email security companies claim to offer robust advanced threat capabilities to prevent all types of phishing techniques that would normally breach Secure Email Gateways.

Invoice Fraud

Invoice fraud is a well-coordinated ploy in which an attacker attempts to scam a business into paying a fake invoice–or paying a legitimate invoice to a fake account–by impersonating a vendor or partner. These targeted attempts are less likely to be flagged as spam since they don’t contain links or attachments that are deemed suspicious by most email security filters.

IoT Security

IoT security refers to the measures and practices designed to protect Internet of Things (IoT) devices, networks, and data from unauthorized access, manipulation, and exploitation.

IP Reputation

IP reputation is a measure of the trustworthiness of a particular IP address on the internet. IP addresses are unique numerical labels that are assigned to every device that is connected to the internet. IP reputation is used to determine whether an IP address is known to be used for malicious or fraudulent activity, such as spamming or phishing.

Large Language Model

Large Language Models (LLMs) are advanced deep-learning models that understand and generate text in a human-like fashion, transforming the way computers process and generate language.


Log4j Exploit

The Log4j exploit refers to a severe security vulnerability in the widely adopted Log4j logging library, enabling attackers to remotely execute malicious code and infiltrate systems, leading to unauthorized access and potential data breaches. This exploit poses a significant risk as it affects numerous software applications and online services that utilize Log4j for logging purposes.

Machine Learning

Fundamentally, machine learning is the ability of machines to become smarter through experience. Machine learning makes AI possible and uses algorithms to query vast amounts of data, discover patterns and generate insights. In email security, machine learning can automate the task of phishing attack discovery via scanning messages and other proprietary analytics.


Malware

Otherwise known as malicious coded software, malware is commonly deployed via email and is used to disrupt or destroy networks, servers, and devices. Examples of malware include Trojan horses, spyware, adware, and viruses.


Man-in-the-Middle Attacks

Man-in-the-middle attacks occur when a threat actor intercepts and alters the communication between two parties without their knowledge. The attacker essentially acts as a "middleman" between the two parties, allowing them to send and receive messages as usual, but secretly modifying the messages to achieve their own ends.

MFA Bypass

MFA (multi-factor authentication) bypass is unauthorized access gained by exploiting MFA system weaknesses. MFA adds security layers using passwords, tokens, or biometrics. Attackers create ways to get around these measures, compromising targeted systems.

MFA Fatigue Attacks

MFA Fatigue Attacks, also known as MFA Prompt Bombing, MFA Push Spam, or MFA Bombing, are social engineering tactics employed by cyber attackers to bypass multi-factor authentication (MFA) security measures and gain unauthorized access to accounts. These attacks exploit human psychology, overwhelming users with a barrage of MFA prompts until they unwittingly approve one, often out of frustration, confusion, or sheer exhaustion.

MX Record

MX record (Mail eXchanger record) is a type of DNS record that specifies the server that is responsible for receiving email for a particular domain. When an email is sent to an address at a specific domain, the sender's email server looks up the MX record for that domain to determine where the email should be delivered. MX records are typically stored in the DNS records for a domain, and they specify the hostname of the server that should be used to deliver email for that domain, as well as a priority value that indicates the order in which servers should be tried if multiple MX records are present.

Natural Language Understanding (NLU)

An emerging advanced technology used in many technology sectors. In email security, it leverages advanced machine learning and neural networks to automatically detect and respond to the most common types of BEC attacks. Importantly, NLU is what allows IRONSCALES to understand both the “what” and the “who” of suspicious messages.

OCR Deep Learning

OCR Deep Learning uses AI algorithms to enhance OCR accuracy by training on large datasets, improving text recognition even in complex scenarios.

Outbound Email Protection

Outbound email protection is a security measure that monitors emails sent from within an organization to external recipients, ensuring sensitive data isn't unintentionally shared. It utilizes a combination of machine learning, predefined rules, and encryption to detect anomalies, prevent data breaches, and maintain compliance.


Pharming

Pharming is a type of cyber-attack in which the attacker redirects traffic from a legitimate website to a fake one to steal sensitive information. Unlike phishing attacks, which rely on tricking individuals into providing their information, pharming attacks use technical means to redirect traffic without the victim's knowledge.


Phishing

Delivered via phone, text, email, or social media, phishing is the oldest yet most prominent tactic in which criminals attempt to trick an unsuspecting recipient into taking an action, such as wiring money. It is estimated that phishing accounts for nearly 90% of all cyberattacks worldwide.

Phishing Button

This is a common feature found across many email security products. The button empowers users who receive a suspicious email to quickly click “spam alert” or “phishing” so that the email is then routed to a phishing mailbox for further investigation.

Phishing Mailboxes

These mailboxes receive user/employee-reported email threats.

Phishing Simulation

Phishing simulation testing (PST) is a type of security test that is used to assess an organization's ability to detect and defend against phishing attacks. This test involves sending simulated phishing emails to employees or other users within the organization. The goal is to see how many people click on the malicious links or attachments within the email and how quickly they report it.

Polymorphic Attacks

This phishing technique is when a malicious actor implements slight but significant changes to an email’s artifacts, such as its content, copy, subject line, sender name, or template in conjunction with or after an initial attack has deployed. This strategic approach enables attackers to quickly develop attacks that trick signature-based email security tools that were not built to recognize such modifications to threats. With the ease associated with the development and delivery of polymorphic attacks, it is no surprise that 42% of all phishing attacks are polymorphic.


Pretexting

Pretexting is a form of social engineering where attackers deceive victims by fabricating scenarios and establishing trust to extract sensitive information, often posing as trusted individuals or organizations. It involves manipulating victims into divulging personal data or performing actions that benefit the attacker's objectives.

Quantum Cryptography

Quantum cryptography harnesses the power of quantum particles to establish unbreakable encryption, offering unparalleled security for transmitting sensitive information.


Quishing

Quishing, short for "QR code phishing," is a cyberattack method where malicious actors use QR codes to deceive users into visiting fraudulent websites, potentially leading to the theft of sensitive information or the distribution of malware.


Ransomware

An increasingly popular malware strain, ransomware encrypts the victim’s data and then demands a sum of money (to be paid in bitcoin) in order to receive the decryption key. The criminal typically makes a threat to release the victim’s data to the internet and/or dark web if payment isn’t made. The Justice Department reports more than 4,000 ransomware attacks per day in the U.S. alone.

Ransomware as a Service (RaaS)

Ransomware as a Service operates on a model where cybercriminals lease out sophisticated ransomware tools, enabling even those with minimal technical skills to launch complex attacks. 


A sandbox is an extremely common solution across a variety of technologies, in which engineers and other users can safely test new technologies before they are widely deployed into production. However, sandboxes differ in email security, where the term refers to the isolation of a suspicious URL or attachment in a phishing email. This is particularly useful for zero-day attacks that bypass existing technical defenses.

Secure Email Gateway (SEG)

Some of the most commonly deployed email security solutions, SEGs, as identified by Gartner, “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.” So what is the problem with SEGs? IRONSCALES research shows advanced phishing attacks bypass leading SEGs at a nearly 50% clip.

Security Awareness Training (SAT)

Security awareness training is a type of educational program that helps employees and other organizational members to become more aware of security risks and learn how to protect themselves, their work, and the organization from potential attacks.

Security Information and Event Management (SIEM)

Email security solutions often integrate with SIEM tools. The email security tools send logs to the SIEM, which then consolidates logs from all connected security technologies, analyzes the data and then generates alerts for analysis and reporting.

Security Operations Center (SOC)

A Security Operations Center (SOC) is a central function within an organization dedicated to monitoring, detecting, analyzing, responding to, and reporting security incidents and threats.

Sender Policy Framework (SPF)

This is a policy that protects against domain spoofing by hardening DNS servers and restricting access to senders. SPF enables Internet Service Providers (ISPs) to verify that a mail server is authorized to send an email from a specific domain.

Simple Mail Transfer Protocol (SMTP)

The purpose of SMTP is to help organizations send and receive emails. While helpful for deliverability, this protocol remains highly vulnerable because it does not encrypt or authenticate messages.

Single Sign-On (SSO)

Single sign-on (SSO) is a user authentication process that permits a user to enter one set of credentials (e.g. username and password) to access multiple applications or systems. In most cases, SSO uses an identity provider (IdP), which is a service that authenticates users and provides them with the necessary credentials to access different systems.


Smishing

Delivered via SMS, smishing text messages are phishing attack techniques containing malicious URLs that attempt to lure recipients into visiting risky websites, downloading malware onto their mobile devices, or sharing login credentials. These text messages can sometimes appear to be from trusted senders, such as banks and online retailers, making them a real threat to people who are only accustomed to looking for phishing attempts via email attacks.

Social Engineering

Growing in popularity, social engineering occurs when an attacker uses psychological manipulation to trick a person or company into taking an action, such as providing login credentials, paying a fraudulent invoice or sharing personally identifiable information (PII), such as a social security number. According to Verizon, social engineering now occurs in almost 60% of phishing attacks.


Spam

These junk and unsolicited email messages have historically been more annoying than risky. However, spam is increasingly viewed as a cybersecurity threat due to inattentional blindness, which occurs when individuals fail to perceive an unexpected change in plain sight.

Spam Mailbox

These mailboxes are commonly found in most email clients as “spam” folders where junk and/or spam email is automatically routed.

Spear Phishing

The main difference between phishing and spear phishing is that spear phishing targets specific people and/or organizations with an ask to complete a specific task, such as downloading an attachment or clicking on a link, while phishing is often distributed at random to widespread audiences. Oftentimes, engaging with the payload enables adversaries to access the information needed to institute a major cyberattack. 


Spoofing

Email spoofing occurs when an attacker sends a malicious message with a false sender address to steal personal information, infect computers with malware, or leverage extortion to steal money. There are four primary types of spoofing attacks, including exact sender name impersonations (the most common), similar sender name impersonations, look-alike/cousin domain spoofing, and exact domain spoofs.


Spyware

Spyware is a type of malicious software that surreptitiously gains access to computer and mobile devices, stealthily capturing users' personal information and activities, which it then transmits to third parties without their knowledge or consent, posing serious privacy and security risks.

Supply Chain Attacks

A supply chain attack is a cyberattack strategy that targets trusted third-party vendors or suppliers within an organization's supply chain network, exploiting vulnerabilities in their systems or software to gain unauthorized access to the target organization's network or data. These attacks compromise the integrity of the entire supply chain, allowing attackers to propagate malicious code or malware to unsuspecting downstream users.

→ Read More

Threat Assessment

Cybersecurity threat assessment involves systematically analyzing and understanding the various threats that can compromise the security of an organization's digital assets, followed by evaluating the likelihood of those threats occurring and assessing their potential impact to prioritize and implement effective security measures.

→ Read More

Threat Exposure Management

Threat Exposure Management involves implementing a systematic program to continually evaluate and address the accessibility, exposure, and exploitability of an organization's digital and physical assets, enabling proactive risk mitigation and aligning security controls with business objectives. It encompasses processes, capabilities, and components such as external attack surface management, risk-based vulnerability management, and threat intelligence platforms to enhance visibility, prioritize remediation efforts, and improve overall security resilience.

→ Read More


Typosquatting

Also known as URL hijacking, typosquatting preys on inattentional blindness by leveraging small deviations in domain names to lure users into visiting malicious websites. These deviations include scrambled letters, wrong domain endings, and other typographical errors that can easily lure victims to fake websites and fake login pages. Once victims are lured, typosquatters have an easy opportunity to harvest personal and financial information to make quick money.

→ Read More

Two-factor Authentication & Multi-Factor Authentication

Two-factor authentication (2FA) is an additional layer of security that can be used to protect sensitive data and systems. 2FA requires users to provide two different pieces of information in order to gain access, such as a password and a one-time code generated by a mobile app.

Multi-factor authentication (MFA) is similar to 2FA, but often requires three or more different pieces of information to gain access. MFA is often used for high-security systems or data, such as financial accounts.

Unicode Domain Phishing

As a result of the internationalization of the World Wide Web and the rise of internationalized domain names (IDNs), cybercriminals can exploit Unicode domains to make dangerous websites appear safe and authentic. Unicode domain phishing replaces characters in the domain with similar characters from a foreign language, allowing the fraudulent website to bypass web browser protections and legacy email security tools.

Vendor Email Compromise (VEC)

Vendor Email Compromise (VEC), sometimes referred to as Vendor Impersonation or Vendor Spoofing, begins with an attacker gaining access to the vendor’s email, or impersonating them, in a targeted attack on their customers.

→ Read More


Vishing

This type of phishing attack technique tricks victims into giving up sensitive personal information over the phone, such as credit card numbers and passwords. By relying on social engineering to prey on human emotions such as greed or fear, unsuspecting victims can easily be duped into giving attackers exactly what they’re looking for. The FBI has reported that vishing techniques are increasing with great frequency.

→ Read More

Watering Hole Attacks

Watering Hole Attacks involve hackers exploiting vulnerabilities in popular websites to inject malware, tricking users into visiting compromised sites, and covertly infecting their computers, enabling the attackers to infiltrate targeted organizations' networks.

→ Read More


Whaling

Directed at senior executives at mostly large corporations, whaling attacks are targeted spear-phishing campaigns aimed at tricking high-level executives and organizational leaders into sharing confidential or proprietary information that can be used for financial fraud and other forms of exploitation.

→ Read More

Zero Trust

Zero Trust is a security model that eliminates the default trust given to users and devices, implementing a continuous verification process based on user identities, device postures, and contextual factors to ensure secure access to resources, irrespective of network perimeters or locations. It rejects the assumption that internal users are inherently trustworthy and focuses on granting access only to authorized individuals and systems on a need-to-know basis.

→ Read More
