
Phishing Glossary

Key Concepts and Terms

Account Takeover (ATO) 

ATO occurs when threat actors gain access to a target's account, often facilitated by credentials stolen through phishing attacks

Advanced Persistent Threat (APT)

APT is a sophisticated cyberattack campaign in which an attacker, often a nation-state or state-sponsored group, establishes an undetected presence in a network to steal sensitive information over an extended period

Adversarial Phishing Simulation (APS)

APS are controlled exercises designed to mimic sophisticated, real-world phishing attacks by applying offensive security principles. They are used to educate about phishing tactics and to assess and improve an organisation's security awareness and posture

APS Kill-Chain

The sequential stages of an APS, from initial planning and pretexting to deployment, data collection, and ultimately, the reporting and analysis of user behaviour and results

Angler Phishing

An attack where malicious actors impersonate customer support on social media platforms to deceive users into revealing sensitive information or clicking malicious links

Anti-Malware Software

A program designed to prevent, detect, and remove malicious software (malware) such as viruses, worms, ransomware, and spyware from a computer system

Artificial Intelligence (AI)

The development of computer systems capable of performing tasks that typically require human intelligence. In cybersecurity this involves computer systems mimicking human intelligence to enhance phishing attacks through personalisation or to improve threat detection and analysis 

AI TRiSM (Trust, Risk & Security Management)

AI TRiSM focuses on establishing the trustworthiness, managing risks, and ensuring the security of AI systems throughout their operation, which in cybersecurity specifically addresses AI used in both offensive tactics and defence

Attack Surface

Represents the various points through which an attacker can attempt to deceive users and gain access to systems or information

Attack Vector

The method or pathway used to exploit a vulnerability and gain unauthorised access to a system or network, such as sending a malicious email in a phishing attack

Authentication

The process of verifying the identity of a user, device, or application to ensure that they are who they claim to be before granting access to resources or systems, a crucial security measure often bypassed in successful phishing attacks

Baiting

A social engineering attack that entices victims with a false promise to lure them into performing an action that compromises their security

Bulk Phishing

A widespread phishing campaign that sends out a high volume of generic phishing emails to a large and indiscriminate list of recipients, hoping that a small percentage will fall victim

Business Email Compromise (BEC)

Phishing attacks targeting organisations, where threat actors impersonate executives or trusted entities via email to deceive employees into performing actions such as transferring funds or divulging sensitive information

Clickjacking

A malicious technique that tricks users into clicking on a concealed element, such as a button or link, on a seemingly legitimate webpage, often leading to unintended actions like downloading malware

Clone Phishing

A type of phishing attack where a legitimate, previously delivered email containing an attachment or link is taken and its content and recipient addresses are used to create an almost identical, malicious email, often with a replaced attachment or link designed to compromise the recipient's system

Compromised Credentials

Usernames and passwords that have been exposed or stolen through security breaches or phishing attacks, allowing unauthorised access to accounts and systems


Consent Phishing

Attack where malicious actors trick users into granting authorisation to a seemingly legitimate third-party application, which then allows the attackers to access sensitive data or perform actions on the user's behalf without their direct knowledge


Conversation Overflow Attack

Sophisticated phishing technique that embeds malicious content within an email disguised by a large amount of benign text, designed to confuse AI and Machine-Learning (ML) detection defence systems

Credential Harvesting

The process by which attackers collect users' login credentials, such as usernames and passwords, to gain unauthorised access to accounts and systems

CxO Fraud

A specific type of BEC attack where cybercriminals impersonate high-level executives to deceive employees into performing fraudulent actions

Cybercrime

Illegal activity involving a computer, networked device, or a network, often targeting data, systems, or users for financial gain or disruption, and frequently utilising techniques like phishing

Cybersecurity

The practices and technologies designed to protect computer systems, networks, digital data, and software from theft, damage, disruption, or unauthorised access

Data Breach

A security incident where unauthorised individuals gain access to sensitive information

Deactivation Scare Phishing

A tactic involving alarming messages sent to targets that threaten account suspension or loss of access; the aim is to pressure users into immediate action

Deepfake Phishing

Utilises AI-manipulated media, such as realistic-sounding audio or video of a known individual, to deceive targets

DomainKeys Identified Mail (DKIM)

An email authentication protocol that adds a digital signature to outgoing emails, allowing recipient servers to verify the sender's domain and detect spoofed emails

Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC is an email security protocol that expands on SPF and DKIM, empowering domain owners to prevent phishing and spoofing by instructing email receivers on how to manage emails that fail authentication

Double-Barrel Phishing

A complex, multi-stage attack where the initial phishing attempt aims to gather information that is then used to craft a more convincing follow-up attack against the same target or others within the organisation

Email Account Compromise (EAC)

EAC occurs when an attacker gains unauthorised access to an email account, often through successful phishing attacks, allowing them to send malicious emails, steal sensitive information, or conduct further fraudulent activities

Email Authentication

Set of techniques and protocols, such as SPF, DKIM, and DMARC, used to verify the legitimacy of an email sender and prevent spoofing, a common tactic in phishing attacks

Email Phishing

Type of cyberattack where deceptive emails impersonating legitimate entities are deployed to trick recipients into compromising their security

Email Thread Hijacking

A phishing technique where attackers insert malicious content into an existing, legitimate email conversation to deceive participants into clicking malicious links or providing sensitive information, leveraging the trust established within the thread

Exploit

An exploit is a technique or piece of code that leverages a vulnerability in software or a system, often accessed through malicious links or attachments in phishing emails, to gain unauthorised access or execute malicious actions

Fund Transfer Fraud (FTF)

FTF is often facilitated by successful phishing attacks and BEC, involving deceiving individuals or organisations into making unauthorised wire transfers to attacker-controlled accounts

Generative AI

AI models capable of producing new, realistic content such as text, images, or audio, which can be leveraged in phishing attacks to create highly convincing and personalised lures

HTML Smuggling

A technique where malicious code is hidden within an HTML file in a phishing email, allowing it to bypass some security filters and reconstruct itself in the victim's browser to execute malicious actions locally

Internationalised Domain Name (IDN) Homograph Attack

A type of link manipulation where attackers use similar-looking characters from different alphabets (Unicode) to create deceptive domain names that visually resemble legitimate ones, tricking users into visiting malicious sites

Impersonation

Impersonation in phishing involves threat actors pretending to be a known entity, such as a trusted company or individual, to deceive their targets

Incident Response

The approach an organisation takes to address and manage the aftermath of a security breach or cyberattack, such as a successful phishing incident, aiming to minimise damage and restore normal operations

Indicators of Compromise (IOCs)

Invoice Fraud

Link Manipulation

Macro

Malicious Software (Malware)

Natural Language Understanding (NLU)
Notification Fraud

Deceptive messages that mimic legitimate alerts from trusted services or applications, designed to create urgency and trick users into taking immediate action that compromises their security

Offensive Security

A field within cybersecurity that involves proactively identifying and exploiting vulnerabilities in systems and networks, often mimicking attacker techniques, to improve defences and understand potential attack vectors

Open Source Intelligence (OSINT)

The collection and analysis of publicly available information to gain insights into individuals and organisations; attackers can leverage this to craft more targeted and convincing phishing attacks by gathering details about their intended victims and their organisations

Payload

The malicious component delivered to the victim after they interact with the phishing attempt, such as malware, a script to steal credentials, or a redirection to a fraudulent website

Personally Identifiable Information (PII)

Any data that can be used to identify, locate, or contact an individual, the theft of which is often the goal of phishing attacks

Pharming

A type of cyberattack that redirects users to fraudulent websites by manipulating DNS (Domain Name System) records, often without the user clicking on a malicious link, making it a more insidious threat than traditional phishing

Phishing

A type of cyberattack that uses deceptive communications, often disguised as legitimate requests, to trick individuals into revealing sensitive information, installing malware, or performing other harmful actions

Phishing as a Service (PaaS)

PaaS refers to illicit platforms and services that provide cybercriminals with the tools and infrastructure needed to launch phishing campaigns more easily and at scale, often including email templates, hosting, and tracking capabilities.

Phishing Template

Pre-designed email or webpage that mimics a legitimate communication or login screen, used in phishing attacks to deceive recipients

Polymorphic Attack

A type of attack where the malicious code or the phishing email itself changes its characteristics with each iteration to evade detection by signature-based security software

Pretexting

A social engineering technique used in phishing where an attacker fabricates a believable scenario or context for their attack 

Protected Health Information (PHI)

Any health-related information that individually identifies a patient, and its confidentiality and security are often the target of phishing attacks aimed at healthcare organisations

QR Code Phishing (Quishing)

A type of phishing attack that uses malicious QR codes to direct victims to fraudulent websites, initiate malware downloads, or prompt them to enter sensitive information

Ransom Software (Ransomware)

A type of malware, often spread through phishing attacks, that encrypts a victim's files or locks their system, demanding a ransom payment in exchange for the decryption key or restoration of access

Ransomware as a Service (RaaS)

A cybercrime model where ransomware developers lease their malicious software and infrastructure to affiliates for use in attacks

Reconnaissance

The preliminary information-gathering phase where attackers collect details about their targets (individuals or organisations) to craft more effective and believable phishing attacks

Reporting Mechanism

A system or process that allows users to easily alert an organisation about suspected phishing attempts, contributing crucial information for timely threat detection and response

Right-to-Left Attack (RTL)

A phishing attack that uses special Unicode characters to visually reverse parts of a domain name or URL, making a malicious link appear to be from a legitimate source by exploiting how some systems render text

Secure Email Gateway (SEG)

A security solution deployed to filter inbound and outbound email traffic, providing protection against various email-borne threats, including phishing attacks, by scanning for malicious content and suspicious characteristics

Security Awareness Training

An educational program designed to inform employees and individuals about cybersecurity threats, including phishing, and to teach them best practices for identifying, avoiding, and reporting such attacks to minimise risk

Security Breach

An incident that results in unauthorised access to or disclosure of sensitive information, often stemming from successful cyberattacks like phishing, compromising the confidentiality, integrity, or availability of data or systems

Security Posture

The overall strength of an organisation's cybersecurity defences, including its policies, procedures, technologies, and employee awareness, which collectively determine its cyber resilience

Sender Policy Framework (SPF)

An email security standard that helps prevent phishing by enabling domain owners to list authorised sending servers, so receiving servers can verify the legitimacy of incoming emails claiming to be from that domain

Session Hijacking

A type of cyberattack where an attacker gains unauthorised control over a user's active session with a web server or application, often by stealing session cookies obtained through phishing or other means, allowing them to impersonate the user and perform actions on their behalf

SMS Phishing (Smishing)

A type of phishing attack that uses deceptive text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading harmful content

Social Engineering

A deceptive tactic that exploits human psychology to trick individuals into making security mistakes, often the underlying method used in phishing attacks

Sophisticated Attack

A highly complex and often multi-stage cyberattack, potentially including meticulously crafted phishing elements, that leverages advanced techniques and resources to evade defences and achieve specific objectives

Spam Filter

A security mechanism that identifies and blocks unwanted, unsolicited, or malicious emails, including many phishing attempts, based on various content and sender characteristics

Spear Phishing

A highly targeted type of phishing attack that crafts personalised and convincing emails to specific individuals or groups within an organisation, often referencing their names, roles, or company-specific information to increase the likelihood of success.

Spoofing

A deceptive technique used in phishing where an attacker disguises their identity or the origin of communication (e.g., email address, phone number, website URL) to appear as a trusted source, tricking victims into believing the communication is legitimate

Spyware

A type of malware, often installed without a user's knowledge through phishing or other means, that secretly monitors and collects information about their activities, such as keystrokes, browsing history, and login credentials, and transmits it to the attacker

Supply Chain Attack

A Supply Chain Attack targets an organisation by compromising a less secure third-party vendor or partner in its supply chain, which can then be leveraged to gain access to the primary target's systems or data, and may involve phishing tactics to initially compromise the weaker link

Threat Actor

An individual or group with malicious intent who attempts to exploit vulnerabilities in systems or networks to achieve unauthorised access, often employing tactics like phishing to reach their targets

Typosquatting (URL Hijacking)

A form of link manipulation where attackers register domain names that are slight misspellings of popular websites to deceive users who mistype a URL, often leading them to malicious sites designed for phishing or distributing malware

Vendor Email Compromise (VEC)

A type of cyberattack where threat actors compromise a legitimate vendor's email account to send fraudulent invoices or requests to their customers, often exploiting established trust relationships to facilitate unauthorised payments or data theft

Voice Call Phishing (Vishing)

A phone-based scam where fraudsters pretend to be trustworthy organisations to deceive people into giving up personal details or taking harmful steps

Vulnerability

A weakness or flaw in software, hardware, or a process that could be exploited by a threat actor to gain unauthorised access or cause harm to a system or its data

Whaling

A specific type of spear phishing attack that targets high-profile individuals within an organisation, such as executives, aiming to extract sensitive information or facilitate significant financial fraud

Zero Trust

A security model that operates on the assumption that no user or device should be inherently trusted, mandating rigorous verification for every access request to protect against breaches, including those originating from phishing