Advanced campaign
Definition
An advanced campaign refers to a carefully planned and executed cyberattack strategy employed by malicious actors to achieve specific objectives. Advanced campaigns often leverage extensive reconnaissance and tailored attack vectors to bypass security defenses and maximize the likelihood of success.
Related words
OSINT, reconnaissance, targeted attack
Example
The advanced campaign launched by the malicious actor successfully infiltrated the organization's network
Read more
We've seen advanced phishing campaigns many times this year. Find more from the Threat Feed.
Advanced Persistent Threats (APTs)
Definition
Advanced Persistent Threats are well-resourced entities that consist of organized and highly skilled cybercriminals. APT groups are often nation-state actors or state-sponsored groups, and they engage in sophisticated malicious cyber activity that is highly targeted. Some APT groups are driven by political motivations. Their objectives include espionage, data theft, and network/systems disruption or destruction. APT groups are often tracked based on their tactics, techniques and procedures (TTPs).
Related words
OSINT, reconnaissance, targeted attack
Example sentence
APT12 is a threat group that has been attributed to China.
Read more
What is spear-phishing and how do you recognize it?
Social Engineering—What Is it and How to Prepare For it? | Advanced Persistent Threats
What is A Spear-Phishing Attack and How Do You Recognize It?
How to Recognize and Avoid Phishing Attacks
Adversary-in-the-middle attack (AiTM)
Also known as Man-in-the-middle-attack (MiTM)
Definition
An AiTM is a cyberattack in which the perpetrator intercepts communications between systems or individuals in order to spy on, tamper with, or manipulate the flow of traffic or messages.
Related words
Example
Hackers used adversary-in-the-middle techniques to tamper with a software update process, allowing them to inject malware into legitimate updates and compromise users' devices.
Adversary-on-the-side (AotS)
Also known as Man-on-the-side (MotS)
Definition
An AotS is a cyberattack in which the perpetrator observes the flow of communications between systems or individuals without intercepting or manipulating the original packets sent by the systems but is able to inject its own packets into the flow.
Related words
attack vector, Man-in-the-Middle, MitM
Example
Alice requests a webpage from a server, a AotS attacker might observe the request and quickly send a malicious response to Alice before the genuine server can reply. Alice might believe the response is from the genuine server, not realizing it's from the attacker.
Did you know...
The 2013 global surveillance revelations revealed that the US National Security Agency (NSA) widely uses a man-on-the-side attack to infect targets with malware through its QUANTUM program.
Attack surface
Definition
Attack surface refers to the sum total of all the possible points or vulnerabilities in a system, network, or application that can be targeted or exploited by attackers. It encompasses the various entry points, software components, network connections, and configurations that can be potentially compromised to gain unauthorized access or perform malicious activities.
Related words
attack vector, network security, zero trust
Example
Organizations must regularly assess their attack surface by identifying and addressing vulnerabilities, implementing robust security controls, and staying updated with patches and security updates to prevent potential exploitation by malicious actors.
Did you know...
Attack vector
Definition
Attack vector refers to the path or method used by an attacker to gain unauthorized access, deliver malware, or carry out a cyberattack on a target system, network, or individual. Attack vectors can include various techniques such as phishing emails, social engineering, software vulnerabilities, or network exploits.
Related words
malware, phishing, social engineering, vulnerability
Example
Cybercriminals used social engineering as an attack vector by pretending to be the company's IT support and tricking employees into giving their credentials over the phone.
Did you know...
Attack vectors continue to evolve as new technologies emerge, and attackers continuously seek novel ways to exploit vulnerabilities.
Read more
Social Engineering—What Is it and How to Prepare For it? | Corporate Social Engineering Attack Scenarios
Tax phishing—Off the hook | Initial approach
Cybersecurity in a hybrid work environment | Phishing and email-based threats remain the top attack vectors
Social media phishing campaigns | Social media bad romance and pay-for-friends attacks
Emotional trigger phish—Off the hook | What makes an emotional attack vector so potent?
Authentication
Definition
Authentication is the process of verifying the identity of an individual, device, or system to ensure authorized access or usage. Authentication methods can include passwords, biometrics, security tokens, or multi-factor authentication (MFA).
Related words
access control, multi-factor authentication, zero trust
Example
The company implemented multi-factor authentication to enhance the security of user accounts and protect against unauthorized access.
Did you know...
Authentication is a critical component of cybersecurity, as it forms the foundation for ensuring that only authorized individuals or entities can access sensitive information or resources.
Read more
It's time to update your definition of phishing | Always use Multi-factor authentication
![;rom: (COMPANYI Online Notification Microsoft Security Authenticationl Scan Me you are being held responsible to review security [RECPIPIENT.NAME], update as of 01/06/2023. Quickly scan above QR Code with your phone camera. Review security requirements within 4 days of the received date by going to Account manager in the Security Center. [COMPANYIt 2023 Microsoft Corporation. All rights reserved.](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cdac_fb03bb85.png)
Authority impersonation
Definition
Authority impersonation refers to a deceptive tactic used by malicious actors to pose as individuals or organizations in positions of authority or trust. A position of authority would be someone you can’t opt out from. Attackers might accomplish this by impersonating CXO-level employees of a company or government officials.
Related words
business email compromise (BEC), caller ID spoofing, CXO fraud, coworker impersonation, email account compromise (EAC), spoofing, flash attack, impersonation, pretexting, social engineering
Example
Verifying the legitimacy of requests via multiple channels of communication is one way to lower the risks related to authority impersonation.
Did you know...
To more convincingly appear as legitimate authorities, cybercriminals may sometimes employ methods like caller ID spoofing and sender email spoofing.
Read more
The origins of the most brutal phishing techniques | Authority impersonation
Threat Feed Week 24 | Verohallinto impersonation
![Beneficiary Name Notification Date Notification Ref No. Notification Subject [RECIPIENT NAME] 12 - June - 2023 - 2nd Notice 203892948SDN You have been awarded a Cash Settlement This is not span This is an notice only for: [RECIPIENT NAME]. we regret to inform you that you have been a victim of Identity theft Your identity and consumer credit files were compromised during a data breach where milllons of user profiles were exposed to hackers and used in an identity theft scheme now uncovered by federal authorities and Interpol. Steps have since been taken to mitigate the issue. The offenders have been prosecuted and ordered to pay a substantial settlement in which you are eligible to receive a portion of, You are eligible for reimbursements of false acquisitions, compensation for potential impact on your credit, and any additional claims you may make. To request more information about the notification subject, simply reply to this notification with your Notification ID. 7800880 or contact the Clerk's Office by email at This is a Confider-fal Notification from the Manchester Magistrates' Court (Crown Square, Wood St, Manchester, Unned Kingdom), Any review, use, dissemination. disdosure or distribution by persons other than (RECIPIENT NAME] is prohibited is unlawful DO NOT SHARE OO NOT PRINT (Stay Paperless, save our Environment)](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cdba_8386c0cd.png)
Backdoor
Definition
A backdoor is a hidden or undocumented vulnerability or access point in software, systems, or networks. Backdoors are created deliberately and can be used to bypass normal security measures and gain unauthorized access or control. For example an APT could leave backdoors in systems or networks they have accessed and allow themselves to re-enter if necessary. Backdoors can also be intentionally created by the developers of software or the manufactures of a device. There are also cases where governments have been responsible for backdoors.
Related words
attack surface, exploit, vulnerability
Example
The cybercriminal exploited a backdoor in the software to gain access to the victim's computer and carry out illicit activities.
Did you know...
Backdoors can be intentionally created by software developers for legitimate purposes, such as remote administration, but they can also be maliciously inserted by attackers to maintain unauthorized access or control.
Read more
Botnet
Definition
A botnet is a collection of infected computers or other devices that are managed by a central command and control server. Botnets are frequently employed for malicious purposes like DDoS attacks, malware distribution, and spam emailing.
Related words
Example
The security team detected a large botnet responsible for launching massive DDoS attacks against multiple websites.
Did you know...
Thousands or even millions of infected devices can form a botnet, making them effective tools for cybercriminals to launch coordinated attacks.
Read more
Dawn of the undead king of malware, Emotet | How Emotet works
Browser-in-the-browser (BitB) attack
Definition
A browser-in-the-browser attack is simulates a login window with a spoofed domain within a parent browser window, similar to a pop-up ad. The user is then tricked into entering their login credentials on a malicious website that mimics the appearance of a legitimate login interface from a trusted service.
Related words
credential theft, phishing, malicious website
Example
Unbeknownst to the unsuspecting users, the website they accessed deployed a sophisticated browser-in-the-browser attack, presenting a convincing replica of a legitimate login window for a popular email provider, ultimately harvesting their login credentials.
Did you know...
Browser-in-the-browser attacks capitalize on users' familiarity with trusted login interfaces and exploit their implicit trust in the appearance and functionality of such windows.
Read more
This '90s internet throwback is the latest hacking trend
Bulk phishing
Definition
Bulk phishing is a type of phishing attack that involves sending out large volumes of fraudulent emails or messages to a wide range of recipients, with the aim of tricking them into revealing sensitive information or performing harmful actions. In bulk phishing, attackers often employ generic or mass-produced email templates and cast a wide net to maximize the chances of successful compromises.
Related words
widespread targeting, phishing kit
Example
Bulk phishing campaigns pose a significant threat to individuals and organizations alike, as cybercriminals leverage automation and scalability to target many potential victims simultaneously.
Read more
Business email compromise (BEC)
Definition
A BEC is a form of financially motivated phishing attack where attackers exploit existing relationships between a victim and an entity by posing as a trusted source to request unauthorised transactions. In order to facilitate this scam, BEC attacks can also involve attackers engaging in further fraudulent activities such as invoice manipulation. Email account compromises are sometimes used to execute these attacks.
Related words
authority impersonation, email account compromise (EAC), flash attack, fraudulent fund transfer (FFT), invoice fraud, CXO fraud, coworker impersonation, impersonation, pretexting, social engineering, vendor impersonation
Example
The company's finance division was the target of a BEC attack, which caused the company to suffer sizable financial losses.
Did you know...
BEC is one of the most financially damaging online crimes. In 2022, the FBI's Internet Crime Complaint Center (IC3) received 21,832 BEC complaints with adjusted losses over $2.7 billion. (source)
Read more
5 Ways to Prevent Business Email Compromise Attacks
Just how much of a threat is Business Email Compromise?
Why Business Email Compromise Attack Is The King Of Cybercrime
Caller ID spoofing
Definition
Caller ID spoofing is a practice in which malicious actors falsify the information displayed on the recipient's caller ID system to mislead or deceive them about the origin of a phone call. By manipulating the calling line identification, attackers can make it appear as if the call is coming from a different number, often mimicking a trusted entity or organization.
Related words
email spoofing, domain spoofing, impersonation, social engineering
Example
It is important to exercise caution when receiving calls, especially from unfamiliar or suspicious numbers, as caller ID spoofing can be used to disguise the true identity of the caller.
Did you know...
Caller ID spoofing can be facilitated through Voice over IP (VoIP) technology, allowing attackers to manipulate the calling information digitally.
Compromised credentials
Definition
Refers to usernames, passwords, or other authentication information that has been illicitly obtained or accessed by unauthorized individuals, typically through data breaches, phishing attacks, or other means.
Related words
stolen credentials, compromised accounts
Example
The cybersecurity team detected suspicious activity linked to compromised credentials and immediately initiated a password reset for the affected user accounts.
Did you know...
Compromised credentials are a valuable commodity for cybercriminals, as they provide unauthorized access to sensitive systems or information. Many data breaches occur due to the use of compromised credentials.
Read more
How much does phishing really cost businesses? | Where does this lead?
Consent phishing
Definition
Consent phishing is a method used by malicious actors in an attempt to trick victims into granting unauthorized access to their online data or accounts. In a consent phishing attack, the attacker sends a legitimate access request through a service hoping that the target will unwittingly agree to the request.
Related words
phishing, smishing, social engineering
Example
Employees fell for a consent phishing attack and unwittingly gave an unauthorized user access to sensitive company information stored online.
Coworker impersonation
Definition
Coworker impersonation refers to a technique where malicious actors pretend to be a colleague or coworker. Email, messaging services, or phone calls are used to impersonate a colleague and carry out the attack, in an effort to trick the target into disclosing confidential information or taking actions that are advantageous to the attacker.
Related words
business email compromise (BEC), CXO fraud, pretexting, impersonation, social engineering, spear phishing
Example
Reporting suspicious activities and following established protocols are vital in safeguarding against the risks associated with coworker impersonation.
Did you know...
Coworker impersonation attacks often rely on social engineering tactics and knowledge of internal organizational structures, including employee roles and relationships.
Read more
Threat Feed Week 18 | Coworker impersonation and changes in payroll request
Credential harvester
Definition
A credential harvester is a tool or technique used by cyber attackers to capture user credentials, often through websites designed to mimic legitimate login screens or forms.
Related words
credential theft, malicious website
Example
The cybersecurity team identified a credential harvester being hosted on a compromised website, targeting users of a popular online banking service.
![httpsWca1end1y_[MEDlA ACENCY].com O Log into Facehmk facebook Log Into Facebook Email phone number Pas sword Log In Fmgot % n u p k ErOi5h (US) Espano Deutsch Türkge Cpnco' Frances (France) Italiano eosanski Svensk Pomgues(BrasiI) Sig. up Log In Watch P" Portal 8u&tin Fundraisers Services Intormatjcn Cenac About Create Create Page Ckveopers Careers Privacy CookEs Ad cruces Calendlu](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cd52_e6a90316.png)
Did you know...
Credential harvesters are commonly used in phishing attacks, where unsuspecting users are lured into entering their credentials on fake login pages. These harvested credentials can be used for unauthorized access or sold on underground markets.
Read more
Top 5 things lurking behind forbidden phishing links
Threat Feed Week 25 | Phishing via calendar invite and Bitcoin credential harvester
Sophisticated new credential harvesting attack uses fake popups and fake Microsoft Windows OS
Everything You Wanted To Know About Malware | Credential Harvesting
Embedded Email Credential Harvesting
Social engineers targeting social media accounts
What are the top 10 costs of phishing? | 3. Credential compromises and phishing
CXO fraud
Definition
CXO fraud refers to a type of cyberattack in which malicious actors impersonate high-level executives or CXOs to deceive employees or organizations into transferring funds, sharing sensitive data, or initiating unauthorized transactions.
Related words
authority impersonation, business email compromise (BEC), caller ID spoofing, coworker impersonation, email account compromise (EAC), email spoofing, impersonation, phishing, pretexting, smishing, social engineering, vendor impersonation, vishing
Example
Verifying the authenticity of requests, implementing multi-factor authentication, and promoting a culture of skepticism towards unusual or urgent requests are crucial steps in preventing financial losses and reputational damage associated with CXO fraud.
Did you know...
CXO fraud can involve careful research and social engineering tactics to mimic the communication style and knowledge of high-ranking executives, increasing the likelihood of the attack being successful.
Read more
What is phishing training? | CEO Fraud
Just how much of a threat is Business Email Compromise? | CEO Impersonation
10 Phishing Training Lessons For Your Employees | CEO Fraud
Cyber resilience
Definition
Cyber resilience is the ability of individuals, organizations, or systems to withstand, recover from, and adapt to cyber attacks, data breaches, or other security incidents, while maintaining essential functions and operations.
Related words
human risk management, incident response, security policies
Example
Building a robust cyber resilience strategy involves proactive measures such as employee training and incident response planning.
Did you know...
Cyber resilience acknowledges the need to prepare for and effectively handle security incidents in addition to trying to prevent cyber attacks. It incorporates the concepts of adaptability and resilience in the face of evolving threats.
Dark web
Definition
The dark web is a part of the internet that is intentionally hidden and inaccessible through standard search engines. The dark web is often associated with illegal activities and black market transactions, as it provides anonymity to users through encryption and specialized networks like Tor.
Related words
deep web, onion services, hidden services
Example
Did you know...
While the dark web is known for illicit activities, it also serves as a platform for privacy-conscious individuals, whistleblowers, and journalists to communicate and share sensitive information securely.
Read more
The origins of the most brutal phishing techniques | Sextortion
Everything you need to know about ransomware | Who's behind ransomware attacks?
Data breach
Definition
A data breach is the unauthorized access, acquisition, or disclosure of sensitive and/or confidential information, such as personal data, financial records, or intellectual property, by an unauthorized third party.
Related words
customer lists, classified data, employment records, financial records, personal identifiable information (PII), privacy, protected health information (PHI), proprietary information, security breach, sensitive data, sensitive information, trade secrets
Example
The company experienced a data breach that exposed customer names, email addresses, and encrypted passwords.
Did you know...
Data breaches can result in significant financial losses, damage to reputation, and potential legal consequences for organizations that fail to adequately protect sensitive information. According to IBM, a data breach in the US in 2022 cost more than twice the global average.
Data theft
Definition
Data theft refers to the unauthorized acquisition, copying, or removal of sensitive and/or confidential information from individuals, organizations, or computer systems. In this type of cybercrime, perpetrators gain unauthorized access to data through various means, such as hacking, phishing, malware attacks, or physical theft of storage devices.
Related words
data breach, customer lists, classified data, employment records, financial records, identity theft, intellectual property theft, personal identifiable information (PII), protected health information (PHI), privacy, proprietary information, security breach, sensitive data, sensitive information, trade secrets
Example
Promoting strong password practices, employee education on data security, and implementing other security solutions are crucial steps organizations can take in safeguarding against data theft incidents.
Did you know...
The value of stolen data on the black market can vary depending on factors such as the type of information, its market demand, and the intended use by cybercriminals.
Read more
Denial-of-service (DoS) attack
Definition
A denial-of-service attack is a form of cyberattack that seeks to overwhelm a system, network, or service with an excessively high volume of traffic or resource requests to prevent it from being accessed by legitimate users and to disrupt its normal functioning.
Related words
distributed denial-of-service (DDoS) attack, botnet
Example
The website was the victim of a denial of service attack, rendering it inaccessible to regular users.
Distributed denial-of-service (DDoS) attack
Definition
A distributed denial-of-service (DDoS) attack is a malicious cyber attack in which multiple compromised devices, often forming a botnet, are used to overwhelm a target system, network, or service with a massive volume of traffic or resource requests. Like a denial-of-service attack, this coordinated assault exhausts the target's resources, leading to service disruption or unavailability for legitimate users.
Related words
denial-of-service attack, botnet
Example
A DDoS attack on a government website resulted in hundreds of compromised devices flooding the network, overwhelming the servers, and resulting in a complete service blackout.
Detection and response
Definition
The process of identifying and reacting to cybersecurity incidents or threats in a timely manner. Detection involves monitoring systems, networks, and logs for signs of suspicious activities, while response involves taking appropriate actions to mitigate the impact and prevent further damage.
Related words
incident response, threat detection
Example
The organization's cybersecurity team implemented an automated detection and response system to enhance their ability to quickly identify and contain security incidents.
DomainKeys Identified Mail (DKIM)
Definition
DKIM is an email authentication method that allows senders to digitally sign their outgoing messages, providing a cryptographic verification of the email's authenticity and integrity. DKIM helps in preventing email spoofing and tampering by adding a digital signature to the email header, allowing the recipient's server to verify the message's origin and ensure it has not been modified during transit.
Related words
DMARC, email authentication, email security, email spoofing, SPF
Example
By implementing DKIM, organizations can enhance the trustworthiness of their email communications, as recipient servers can verify that the messages have not been altered along the way.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Definition
DMARC is an email authentication protocol that helps organizations protect their domains from email spoofing, phishing, and unauthorized use. DMARC combines the use of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify the authenticity of incoming email messages and provides instructions on how to handle messages that fail authentication, such as quarantining or rejecting them.
Related words
email authentication, email security, SPF, DKIM, email spoofing
Example
Implementing DMARC enables organizations to establish a defense against email-based threats by enforcing strict authentication policies, while reducing the risk of unauthorized use of their domains for malicious purposes.
Email account compromise (EAC)
Definition
Email account compromise is a cyber attack where an attacker gains unauthorized access to an individual's email account, typically through phishing or exploiting vulnerabilities. Once compromised, the attacker can monitor emails, send fraudulent messages, or access sensitive information.
Related words
business email compromise (BEC), email security, exploit, impersonation, coworker impersonation, social engineering, vendor impersonation
Example
The organization experienced an email account compromise that resulted in confidential client data being exposed.
Did you know...
Email account compromises can have severe consequences, including financial loss, reputational damage, and unauthorized access to other accounts linked to the compromised email address. Read more
Why Business Email Compromise Attack Is The King Of Cybercrime
Email authentication
Definition
Email authentication is the process of confirming the legitimacy and integrity of an email message, to ensure it came from an authorized sender and wasn't altered while in transit. It involves setting up a variety of authentication methods and protocols to verify the sender's identity, find forged or spoofed emails, and improve overall email security.
Related words
email security, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting, and Conformance), email spoofing, MFA bypass
Example
By implementing strong email authentication mechanisms such as SPF, DKIM, and DMARC, organizations can significantly reduce the risk of email-based attacks and ensure that their email communications are more resistant to forgery, impersonation, and unauthorized manipulation.
Email security
Definition
Related words
spam filtering, secure email gateways, email authentication
Example
With the increasing prevalence of cyber threats, organizations must prioritize email security in order to reduce the risk of email-based attacks like phishing or malware distribution
Did you know...
Email is still the most popular communication channel in both personal and professional contexts, making it a highly convenient option for attackers.
Read more
How to write an email that won’t be mistaken for spam or a phishing attack | Staying of the hook
Email spoofing
Definition
Email spoofing is a technique used by malicious actors to forge or manipulate the email header information, making it appear as if the email originated from a different sender than it actually did. By altering the "From" field or other email header details, attackers can deceive recipients into believing the email is legitimate and trustworthy.
Related words
caller ID spoofing, email authentication, flash attack
Example
Implementing email authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) can help detect and prevent sender email spoofing attempts, ensuring that emails can be verified and trusted. Additionally, individuals should remain vigilant when receiving emails, carefully scrutinizing sender details and being cautious of unexpected or suspicious requests.
Did you know...
Advanced email spoofing techniques can even perfectly mimic the domain name of the legitimate sender, further enhancing the illusion of authenticity.
Read more
10 Phishing Training Lessons For Your Employees | 2. Spear Phishing
It's time to update your definition of phishing | Email spoofing
Email thread hijacking
Definition
Email thread hijacking refers to a tactic in which an attacker gains unauthorized access to an ongoing email conversation between multiple individuals. By intercepting or compromising one or more email accounts involved in the thread, the attacker can impersonate legitimate participants or inject malicious links or attachments.
Related words
email account compromise (EAC), business email compromise (BEC), pretexting, social engineering
Example
When participating in email threads, individuals should proceed with caution and keep an eye out for any indications of suspicious activity, such as sudden changes in email content.
Did you know...
In business or professional settings, email thread hijacking can be especially effective as it may give attackers access to sensitive data.
Read more
On the infamous email at the center of the Equifax breach that went to 486 people
Exploit
Definition
An exploit refers to a piece of code, software, or technique used by attackers to take advantage of vulnerabilities or weaknesses in a system, application, or network. Exploits can allow attackers to gain unauthorized access, execute malicious actions, or bypass security controls. Typically crafted to target specific vulnerabilities, exploits can be deployed through various means, such as malicious websites, email attachments, or network-based attacks.
Related words
attack surface, payload, vulnerability
Example
Cybercriminals actively search for and exploit vulnerabilities in software to compromise systems and steal sensitive information.
Did you know...
Exploits are often traded on the dark web, creating a market for buying and selling weaponized code.
Read more
Everything You Wanted To Know About Malware | Malicious website infection
Log4j Log4shell vulnerability explained: Just when you thought it was safe to go on winter holiday
Vulnerability reported and fixed: Arbitrary file execution in Foxit PDF clients
Fake invoice
Definition
A fraudulent invoice or bill sent to individuals or organizations, typically via email, with the intention of tricking them into making payments to the attacker's account. Fake invoices often mimic legitimate invoices from trusted vendors or service providers.
Related words
invoice fraud, invoice phishing
Example
The finance department received a fake invoice that closely resembled a legitimate vendor's billing, highlighting the importance of verifying payment requests.
Did you know...
Between 2013 and 2015, a con artist sent fake bills to Facebook and Google, defrauding the companies out of more than $120 million.
Read more
Beware of the fake invoice | Breakdown of a fake invoice
Uh oh! Do you owe? When invoices strike back
Threat feed 15 | Electricity Invoice
Thread feed 26 | Unpaid Invoice
Thread feed 44 | Payment reminder
Fake notification
Definition
A deceptive email or SMS message designed to appear as an official notification from a reputable organization or service provider, aiming to trick recipients into taking action, such as clicking on malicious links, downloading malware, or providing sensitive information.
Related words
consent phishing, phishing, smishing
Example
The employees were warned about the risks of fake notifications claiming to be from the company's IT department, urging them to update their login credentials.
Did you know...
Fake notifications often exploit individuals' curiosity or concern about important updates or account security, prompting them to take immediate action without carefully verifying the authenticity of the message.
Read more
Threat feed | Facebook notification
Threat feed | Adobe Acrobat notification
Threat Feed 19 | Docusign
Flash attack
Definition
A flash attack is a type of phishing attack that involves creating deceptive domain names to trick users. Attackers typically either add characters to or subtracting them from a legitimate domain name (e.g., hoxhuntt.com or hoxhnt.com), substitute characters (e.g., hoxhvnt.com), or use alternative domain extensions (e.g., hoxhunt.biz or hoxhunt.co). These variations aim to make the website appear legitimate, with the hope that the user won't notice the difference. The flash attack domains are usually bought in bulk, and taken down quickly after discovery.
Example
Several employees fell victim to a flash attack when they received an email that originated from a domain name closely resembling their company's official website.
Did you know...
The name flash attack is based on the speed the deceptive domains are taken down with.
Read more
Threat feed 26 | suomi.fi
Threat feed 26 | Company impersonations
Threat feed 16 | Booking.com
Threat feed 33 | DocuSign
Financial institution impersonation
Definition
A financial institution impersonation is a phishing attack specifically targeting online banking customers. In a financial institute impersonation, the malicious actor seeks to trick victims into divulging their banking credentials, account information, or other sensitive data through emails, text messages, or fake financial websites.
Related words
fake invoice scam, social engineering, service impersonation
Example
Customers of one of the largest banks in the country are the target of a fresh round of financial institute impersonation attacks that have been carefully designed to mimic the layout and format of the bank’s official messaging.
Did you know...
Financial institute impersonation attacks often exploit individuals' concerns about their finances and use urgency or fear tactics to prompt immediate action.
Read more
Threat feed 44 | OP Financial Group
Funds transfer phishing attacks work better with a crisis
Top 3 Banking Phish of Winter 2021
Fraudulent fund transfer (FFT)
Definition
A fraudulent fund transfer refers to an unauthorized or deceitful transaction where cybercriminals manipulate individuals or systems to transfer funds to their own accounts or other illegitimate destinations. This type of cyberattack often involves exploiting vulnerabilities in financial systems, social engineering techniques, or the use of compromised credentials to initiate the transfer.
Related words
financial fraud, invoice fraud, wire transfer fraud, unauthorized transactions
Example
The company fell victim to a fraudulent fund transfer scheme, resulting in a significant financial loss.
Read more
Funds transfer phishing attacks work better with a crisis
Pretexting is a simple and effective phishing attack without links | What happens when you respond to a pretext?
Gamification
Definition
The application of game elements and mechanics, such as competition, rewards, and challenges, in non-gaming contexts to engage and motivate individuals to achieve specific goals.
Related words
engagement strategies, user engagement
Example
The company implemented a gamification program to encourage employees to actively participate in cybersecurity training modules and improve their security awareness.
Did you know...
Gamification has proven to be an effective strategy for enhancing user engagement and motivation in various fields, including cybersecurity training. By introducing elements of competition and rewards, individuals are more likely to actively participate and retain knowledge.
Read more
Gamification in security awarness training
Gamificaiton in the workplace
Gamified Learning
HOPS
Definition
HOPS refers to the transmission of a mail message from one machine to another during the delivery process in the context of email security. Each HOP denotes the passage of a message through a network node or intermediate mail server before it reaches its intended recipient. The complexity of the email routing path and the number of intermediary servers involved in the delivery can affect the HOP count.
Related words
Email routing, mail server, network node, email header, email delivery, intermediate server, email security, message transmission, mail transfer agents (MTAs)
Example
Before arriving at its intended recipient, the email message made several HOPS through a number of mail servers.
Human risk management
Definition
Human risk management is the process of determining, assessing, and mitigating cyber and information security risks caused by employee behavior and actions within a company.
Related words
cybersecurity, risk mitigation, employee training, security policies
Example
To reduce the possibility of human error resulting in security incidents, effective human risk management requires the implementation of training programs that drive behavior change and measurably lower risk.
Did you know...
Read more
Hoxhunt Human Risk Management Platform
Human error
Definition
Human error, within the context of cybersecurity, refers to unintentional actions or mistakes made by individuals that result in security vulnerabilities, data breaches, or other cybersecurity incidents. It can include actions such as clicking on malicious links, falling for phishing scams, misconfiguring security settings, or inadvertently disclosing sensitive information.
Related words
cybersecurity, data breach, human risk management, security incident
Example
Organizations should prioritize cybersecurity training and human risk management programs to mitigate the risk of human error.
Did you know...
Research has shown that human error is the leading cause of cybersecurity incidents, accounting for a significant percentage of data breaches and security breaches worldwide. According to Verizon, 74% of breaches involve the human element, ranging from the use of stolen credentials to social engineering.
Read more
How human error impacts human risk in cybersecurity?
What you should do to reduce human risk
What is behavioural cybersecurity?
Hoxhunt Human Risk Management Platform
Impersonation
Definition
The act of pretending to be another person, organization, or entity with the intent to deceive or gain unauthorized access to information, resources, or privileges. Impersonation is commonly used in social engineering attacks and phishing campaigns.
Related words
authority impersonation, business email compromise (BEC), caller ID spoofing, CXO fraud, coworker impersonation, email account compromise (EAC), email spoofing, flash attack, pretexting, social engineering
Example
The attacker successfully gained access to the corporate network by impersonating a high-ranking executive and requesting privileged information from an unsuspecting employee.
Did you know...
Impersonation attacks can be highly convincing, as attackers often gather detailed information about their targets and employ psychological manipulation to deceive others.
Read more
A true story about impersonation and smishing threats
Top 4 Official Authority Impersonation Phishing Attacks of 2021
Insider threat
Definition
A security risk or threat posed by individuals within an organization who have authorized access to sensitive information, systems, or resources but misuse or abuse their privileges for malicious purposes.
Related words
data breach, human risk management, malicious actor, zero trust
Example
The organization implemented user activity monitoring and access controls to mitigate the risk of insider threats and protect against data breaches.
Macros
Definition
Macros, in the context of computer science, are predefined commands that automate repetitive tasks in various applications, such as word processors, spreadsheets, and email clients. Users can create macros to streamline their work, save time, and increase efficiency. However, it's important to be cautious because macros can also be used maliciously. Malicious macros, often embedded in files or documents, can execute unauthorized actions or launch harmful code when activated.
Related words
Example
The email attachment contained a document with hidden macros, which, when enabled, executed malicious code and compromised the user's computer. Similarly, a spreadsheet macro automated complex calculations, simplifying the data analysis process for the user.
Did you know...
While macros are valuable tools for automating tasks in various applications, their potential for misuse and security risks highlights the importance of exercising caution and implementing proper security measures when dealing with macro-enabled files.
Read more
Malicious macros in Excel
How drive-by download malware works | Macros
Malicious actor
Definition
An individual or entity that engages in deliberate activities in the digital realm with the aim to cause harm to an individual or organization in the form of a security breach.
Related words
adversary, insider threat, threat actor
Example
The cybersecurity team detected the presence of a malicious actor attempting to breach the company's network and promptly implemented countermeasures to mitigate the threat.
Did you know...
The term malicious actor is a catch-all term in the cybersecurity industry for people or organizations carrying out malicious activities. The term "bad actor" or "threat actor" may also be used to describe them.
Read more
Examples of how malicious actors work
Malicious Actor personalize their attacks
Malicious email
Definition
An electronic message that has been purposefully created and distributed with malicious intent is referred to as a malicious email. These emails frequently include deceptive content, false claims, malicious links, or harmful attachments that aim to compromise the recipient's system, steal sensitive information, or spread malware.
Related words
attack vector, phishing, pretexting, malicious link, malicious email attachment, social engineering
Example
Users should exercise caution and be vigilant in identifying and avoiding malicious emails, as they can pose significant risks if opened or interacted with.
Did you know...
Many malicious emails use some type of social engineering to trick the recipient into taking a specific action by playing on their emotions or sense of urgency.
Read more
Weekly threat feed examples
How Malicious emails are created
Cost of malicious emails
Malicious email attachment
Definition
A malicious attachment refers to a file or document included in an email, message, link, or download. These attachments often adopt disguises such as seemingly important documents, invoices, or advertisements, aiming to deceive users. The primary objectives behind malicious attachments include stealing sensitive information like passwords or credit card details through phishing techniques, as well as gaining unauthorized access to the victim's computer and the data stored on it.
Related words
attack vector, payload, malicious link
Example
John received an email that appeared to be from a reputable company, but upon closer inspection, he noticed a malicious attachment—a fake invoice document.
Did you know...
Commonly trusted file types like PDFs and Microsoft Office documents are frequently used by cybercriminals as malicious attachments, with HTML attachments being an especially popular choice.
Read more
Attachments in Phishing 101
Attachments in Phishing 102
Password protected attachments scam
Downloading malicious attachments
Links and attachments
Threat feed 50 | WeTransfer
Malicious link
Definition
A malicious link refers to a hyperlink or URL intentionally designed to direct users to websites or web pages that host harmful or malicious content. These links are often disguised or embedded within emails, messages, or websites with the aim of tricking users into clicking on them, leading to various security risks such as phishing attempts, malware infection, or unauthorized access to sensitive information.
Related words
attack vector, payload, malicious attachment
Example
It is crucial to exercise caution and avoid clicking on suspicious or unknown links to prevent falling victim to a malicious link that could compromise your device's security.
Did you know...
Cybercriminals sometimes use URL shortening services or spoofing to mask malicious links, making it more challenging for users to detect potential threats.
Read more
Links and attachments
Spear phishing prevention
Malware
Definition
Malware, short for malicious software, refers to any software or code designed with malicious intent to disrupt, damage, or gain unauthorized access to computer systems, networks, or devices.
Related words
exploit, attack surface, email security, malicious link, malicious attachment
Example
The cybersecurity team employed advanced endpoint protection solutions and regular system scans to proactively detect and mitigate the risk of malware infections.
Read more
Everything You Wanted To Know About Malware
A phish named malware: Email verification scam
A Bug in G Suite Lets Attackers Spread Malware on Your Computer
10 security awareness topics for your employees | Malware
Multi-factor authentication (MFA) bypass
Definition
The act of circumventing or bypassing MFA mechanisms, which are designed to provide an additional layer of security by requiring users to provide multiple forms of identification or verification.
Related words
email authentication, email security, social engineering, phishing, smishing
Example
The sophisticated attack exploited a vulnerability in the MFA system, allowing the attacker to bypass the authentication process and gain unauthorized access to the victim's account.
Did you know...
MFA bypass techniques can range from exploiting vulnerabilities in the implementation of MFA to social engineering methods targeting the user or the MFA provider.
Read more
How hackers bypass multi-factor authentication
Fake USPS package notifications harvests your MFA tokens
AI can help bypass multi-factor authentication
Always use Multi-factor authentication
5 ways attackers can bypass two-factor authentication
Threat feed 22 | Fake MFA notification
Multi-factor authentication (MFA) tokens
Definition
Physical or digital devices that generate one-time passwords or authentication codes for multi-factor authentication. MFA tokens provide an additional layer of security by requiring users to possess the token in addition to their password for authentication. The term can also be used to describe the strings generated by the devices or applications.
Related words
authentication tokens, OTP tokens, security tokens
Example
The employees were issued MFA tokens to enhance the security of their remote access to the company's network.
Did you know...
MFA tokens can take the form of hardware devices, such as key fobs or smart cards, or software applications installed on smartphones or other electronic devices. They generate unique codes that are synchronized with the authentication server, ensuring that the code expires after a short period and cannot be reused by attackers.
Read more
Fake USPS package notifications harvests your MFA tokens
MITRE attack framework
Definition
The MITRE ATT&CK framework is an extensive repository of information that provides details on a range of cyberattack types and the techniques. It's frequently updated and accessible to everyone.
Related words
threat intelligence, incident response, threat hunting
Example
By matching their defenses with actual attack methods, security teams can use the MITRE ATT&CK framework to improve their threat detection and response.
Did you know...
Organizations, governments, and cybersecurity specialists frequently use the MITRE ATT&CK framework as a tool for understanding and defending against cyberthreats.
Learn more MITRE ATT&CK® Framework
Notification hijack
Definition
Cyber attackers use this malicious technique to manipulate notifications sent to users' devices. Using legitimate notification channels, attackers aim to deceive the victim into performing an action or disclosing sensitive information. For instance, an attacker could use a legitimate service's fund transfer request function and use the space provided for messaging to create a justification for the unauthorized transfer request.
Related words
social engineering, consent phishing
Example
Through a notification hijack, the attacker tricking the victim into clicking on a dangerous link and unintentionally downloading malware.
![Share a spreadsheet? [SENDER NAME]SENDER EMAILI is requesting access to the following spreadsheet: G 24 Complete Plan C) (SENDER NAME) is outside your organisation. Open sharing settings](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cdca_044b36bb.png)
Read more
Threat feed 20 | Sogolytics email notification hijack
Open redirect
Definition
A weakness or bug in a web application that enables an attacker to redirect users to harmful websites or URLs via other websites. A link that contains a redirect may appear to take you to a reputable service's website at first, but it is really just a stopover on the way to the malicious website.
Related words
email security, malicious link
Example
The website's open redirect vulnerability was exploited by an attacker, leading unsuspecting users to a fake login page containing a credential harvester.
Did you know...
Open redirects enable attackers to mask malicious URLs by sending users to legitimate-appearing domains or websites, but these websites frequently have little to do with the email's subject, which should raise alarm bells.
Read more
Open Redirects - Weaponizing Trust Built by Legitimate Companies
Open-source intelligence (OSINT)
Definition
OSINT refers to the collection, analysis, and use of publicly available information from a variety of sources to gather intelligence or insights. It encompasses data obtained from online platforms, social media, news articles, public records, websites, and other publicly accessible sources.
Related words
social engineering, pretexting, threat intelligence
Example
The intelligence agency utilized OSINT techniques to monitor social media platforms and extract valuable insights that contributed to their ongoing investigations.
Read more
What is OSINT
How OSINT is Used Against Your Employees
10 Phishing Training Lessons For Your Employees | Spear phishing
Payload
Definition
In the context of a cyber attack, the payload refers to the component of the attack through which the malicious actor attempts to compromise the integrity of the victim's system or data. Payloads can range from malware to malicious attachments or links.
Related words
attack vector, credential harvester, malicious link, pretexting, exploit
Example
Cybersecurity experts advise users to avoid clicking on suspicious links as they may be payload links and have unintended consequences like compromising the victim's system, stealing their data, or installing malware on their device.
Did you know...
Payloads can vary in their functionality and objectives, ranging from data theft to system disruption.
Read more
Payloads in tax phishing
Weekly threat feed examples
Logo kits upgrade phishing attacks | The payload
Personal identifiable information (PII)
Definition
Personal identifiable information (PII) refers to any data or information that can be used to identify, locate, or contact an individual. It includes specific types of sensitive information that, if compromised, can potentially lead to identity theft, fraud, or privacy breaches.
Related words
data privacy, data protection
Example
It is crucial for organizations to implement robust security measures to protect personal identifiable information (PII) such as Social Security numbers, driver's license numbers, and credit card information from unauthorized access or disclosure.
Did you know...
Personal identifiable information (PII) has a significant market value on the dark web. Cybercriminals often target PII as it can be monetized or used for identity theft.
Read more
Phishing
Definition
A type of cyberattack in which attackers assume the appearance of entities in order to deceive victims into disclosing sensitive information, such as passwords or credit card numbers, or performing an action, such as transferring funds to the attackers bank account. Phishing attacks use emails, email attachments, and websites as attack mediums.
Related words
attack vector, business email compromise (BEC), email account compromise (EAC), pretexting, smishing, social engineering, spear phishing, vishing
Example
The cybersecurity team regularly sent phishing simulations to employees in order to teach them how to recognize phishing attacks.
Did you know...
Phishing via email gives attackers easy access to their targets, and it only takes one successful attack to have serious consequences - making it a low-risk, high-reward method of attack.
Read more
Weekly threat feed examples
Phishing or Spam - What is the difference?
Phishing 101 - How Phishing Attacks and Scam Emails Work
Phishing explained
Regular phishing vs regular phishing
Phishing kit
Definition
A phishing kit is a collection of tools, resources, and templates used by cybercriminals to create and launch phishing attacks. Phishing kits often include pre-designed phishing web pages, email templates, and scripts to automate the process.
Related words
phishing template, bulk phishing
Example
Law enforcement agencies discovered a sophisticated phishing kit that was being actively used to target multiple financial institutions.
Did you know...
Phishing kits have become more accessible and easy to obtain, allowing even non-technical individuals to engage in phishing attacks. These kits are typically sold or shared on underground forums and dark web marketplaces. Microsoft's Digital Crimes Unit has noticed an improvement in phishing kit quality over the past year, combined with easier access, with one vendor charging just $6 per day for a phishing kit.
Read more
Phishing kits are the new meth labs
Phishing services are surprisingly cheap
Phishing template
Definition
A phishing template refers to a pre-designed structure or layout used by cybercriminals to create fraudulent emails, messages or webpages as part of phishing attacks. The goal of a phishing template is to to easily reuse a template and scale an attack. but it is not mandatory to use a template to create an attack. Phishing templates are often sold by illegal SaaS companies, as a part of PaaS (Phishing-as-a-service).
Related words
Example
Phishing templates enable cybercriminals to craft persuasive and authentic-looking messages that deceive recipients into engaging with malicious content.
Postal service impersonation
Definition
Postal service impersonation refers to a fraudulent practice where individuals or groups impersonate legitimate postal services or courier companies to deceive recipients into sharing sensitive information. Cybercriminals may use various methods, including counterfeit websites, fake emails, or phone calls, to imitate reputable postal service providers.
Related words
social engineering, pretexting
Example
The e-commerce package delivery turned out to be a postal service impersonation, where criminals sent fake email notifications that mimicked those of a legitimate courier service to trick the victim and access their personal information.
![[External] AWB:258193002 INV and BL, PL DHL Supply Chain Valued customer, We have just received a parcel at our office from your client. We could not deliver due to an incorrect address. To complete the delivery, scan below QR code with your smartphone camera. Parcel details: Weight: 3.97 Kg Signature required: Yes DHL delivery times depends on the service you book, but generally, we will deliver Monday - Friday between 8 am and 6.00 pm. DHL International.](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cd7c_80483e27.png)
Did you know...
Postal service impersonation scams have evolved with the rise of e-commerce, where attackers exploit individuals' expectations for package deliveries and online shopping.
Read more
Threat Feed Week 45 – DHL impersonation
Threat Feed Week 18 – PostNord postal service impersonation
Pretexting
Definition
Pretexting is a tactic used to gain trust from an end user by sending a seemingly harmless message first without a malicious payload.An example of such a message would be “Please check your spam. I have sent an important document”.
Pretexting can also refer to a social engineering technique in which an attacker fabricates a scenario to deceive the victim, assuming a false identity. Often involving the attacker impersonating a loved one, trusted individual, or authority figure, pretexting attacks aim to manipulate the target into disclosing confidential data or other sensitive information by either building or exploiting rapport.
Related words
business email compromise (BEC), social engineering, impersonation
Example
Unbeknownst to the recipient, an email purporting to be from a close family member asking for an urgent money transfer eventually turned out to be a meticulously tailored pretexting attack.
Did you know...
Protected health information (PHI)
Definition
Health information, also known as Protected Health Information (PHI), refers to any individually identifiable health-related data or records that are created, received, stored, or transmitted by healthcare providers, health plans, or healthcare clearinghouses. PHI includes various types of medical, dental, and mental health information, along with associated identifiers.
Related words
data privacy, electronic health records (EHR), medical records, patient data, personal identifiable information (PII), sensitive data
Example
It is essential for healthcare organizations to maintain strict confidentiality and security measures to protect patients' health information (PHI) from unauthorized access or disclosure.
Did you know...
Right-to-left override (RTLO) attack
Definition
A right-to-left override (RTLO) attack is a deceptive technique utilized by malicious actors to manipulate the appearance of file names and file extensions, causing the file's name and extension to appear reversed or obscured to the user. By manipulating the visual representation of file names, attackers can obfuscate the true nature of files and trick users into interacting with it. RTLO attacks exploit the inherent trust users have in file names and extensions to deceive them into opening malicious files.
Related words
Example
In a recent RTLO attack, an audio file with the name 'Open_New_Voicemail mth.wav' was discovered to contain a hidden HTML credential harvesting form.
Did you know...
Read more
Right to left override attacks are relics no more
Secure email gateways
Definition
Secure email gateways are specialized email filtering and security solutions that protect organizations from various email-based threats, such as phishing attempts, malware distribution, and spam. These gateways act as a barrier between the internal email infrastructure and external sources, analyzing incoming and outgoing email traffic, and applying security measures such as spam filtering, content inspection, and attachment scanning to ensure the safety and integrity of email communications.
Related words
email security, cybersecurity, email filtering, spam protection, threat detection
Example
Implementing secure email gateways is crucial for organizations to prevent malicious emails from reaching employees' inboxes and ensuring that sensitive information remains protected.
Security breach
Definition
An incident or event where unauthorized individuals or entities gain access to or compromise sensitive data, systems, networks, or facilities, potentially resulting in the loss, theft, or misuse of sensitive information.
Related words
Data breach, cybersecurity incident, intrusion, unauthorized access, email account compromise (EAC), business email compromise (BEC), vulnerability, exploit
Example
The company experienced a major security breach, leading to the exposure of sensitive customer data.
Did you know...
Sensitive information
Definition
Information that, if accessed, disclosed, or misused, could potentially cause harm, damage, or negative consequences to individuals, organizations, or entities. It includes various types of data considered confidential or requiring special protection due to its potential impact or value.
Related words
personal identifiable information (PII), protected health information (PHI), trade secrets, financial records, employment records, customer lists, classified data, proprietary information, sensitive data
Example
The company implemented strict security measures to safeguard sensitive information such as customer data, trade secrets, and financial records from unauthorized access or disclosure.
Did you know...
Sensitive information is highly valuable to cybercriminals, as it can be used for various purposes, including insurance fraud, identity theft, and blackmail.
Read more
How hackers prey on your insecurity
Service impersonation
Definition
Service impersonation refers to a deceptive practice where malicious actors mimic legitimate services, such as banks, social media platforms, or online marketplaces, to trick individuals into revealing sensitive information or performing harmful actions.
Related words
social engineering, identity theft
Example
Users should carefully verify the website's address before entering any personal information, even while using trusted services, to prevent being a victim of a service impersonation attack.
Did you know...
Service impersonation can also involve attackers creating counterfeit mobile applications that mimic legitimate services to trick users into providing sensitive information.
Read more
Uh oh! Do you owe? When invoices strike back
Threat Feed Week 49 – eBay Order Confirmation and Payment Receipt
Smishing
Definition
A type of cyberattack that involves using text messages (SMS) to deceive victims into revealing sensitive information or downloading malicious content onto their mobile devices. Smishing is also a tool for social engineers, that can be used in any type of attack. The malicious actor can have a long term goal that doesn’t just end at the victim downloading malicious content on their device.
Related words
attack vector, mobile security, phishing, social engineering, spear phishing, vishing
Example
Jane received a suspicious text message asking her to click on a link and provide her banking details, but she recognized it as a smishing attempt and deleted the message immediately.
![sunnuntai • 20.58 Sunday • 20.58 (tekstiviesti/MMS) (text message/MMS) Epätavallisen toiminnan vuoksi pääsy Due to unusual activity access MobilePag on lukittu, kirjaudu sisään MobilePag is locked, log in here: tästä: https://mobilepay.(redactedl- https://mobilepag.(redacted]- deaktivoitu.net deactivated. net 20.58 20.58](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cdaf_2b100130.png)
Did you know...
Smishing can prove effective for cybercriminals, as studies have shown that SMS messages have a significantly higher open rate than email. And text message scams are on the rise, with consumers in the US reported losing $330 million to text message scams in 2022, more than double what was recorded in 2021, according to data from the Federal Trade Commission.
Read more
10 Phishing Training Lessons For Your Employees l Smishing
Spam
Definition
Spam refers to unsolicited and unwanted emails, typically sent in bulk. These messages often aim to promote products or services and can clog communication channels.
Related words
DMARC, DKIM, email authentication, email security, email spoofing, spam filtering, SPF
Example
The implementation of spam filters can significantly reduce the impact of spam messages and enhance the overall security and productivity of email communication.
Did you know...
According to studies, spam accounts for roughly half of all emails sent globally—some estimates even put the number as high as over 80%.
Spam filtering
Definition
Spam filtering is the process of automatically detecting and removing unwanted or unsolicited email messages, sometimes known as spam, from incoming email traffic. The likelihood of a message being spam is determined by examining its email content, headers, sender reputation, and other elements using algorithms, rules, and heuristics.
Related words
DMARC, DKIM, email authentication, email security, email spoofing, spam, SPF
Example
By lowering the volume of unsolicited emails, effective spam filtering plays an important role in ensuring a clean and secure email environment.
Spear phishing
Definition
Spear phishing is a targeted form of phishing where attackers are trying to target specific individuals, and often tailor their messages in an effort to trick victims into disclosing sensitive information or performing harmful actions. Spear phishing emails may contain specific and granular details, such as dates of company events or the names of coworkers relevant to the victim.
Example
When the CEO clicked on a link in an email that appeared to be from a colleague, they became the victim of a spear phishing attack.
Related words
attack vector, business email compromise (BEC), email account compromise (EAC), phishing, social engineering, pretexting, vishing, smishing
Read more
What is a Spear-Phishing attack and How Do You Recognize It?
What is the difference between spear-phishing and regular phishing?
Sender policy framework (SPF)
Definition
SPF is an email authentication technique that helps prevent email spoofing by specifying which servers are authorized to send emails on behalf of a particular domain. SPF records are DNS (Domain Name System) records that define the authorized email servers for a domain, allowing the recipient's server to check the SPF record and verify if the email originates from an authorized source. This isn’t always reliable, as for example compromised email accounts would pass SPF checks.
Related words
DMARC, DKIM, email authentication, email security, email spoofing, spam filtering
Example
Implementing SPF records in the DNS settings of a domain enables organizations to protect against email spoofing and unauthorized use of their domain name, as recipient servers can verify the sending server's legitimacy and reduce the risk of fraudulent or malicious emails reaching the recipient's inbox.
Social engineering
Definition
The manipulation of individuals, often through psychological and deceptive tactics, to gain unauthorized access to information, systems, or physical spaces. Usually employed by malicious actors to exploit human psychology and behavior, rather than directly attacking technical vulnerabilities.
Related words
phishing, smishing, vishing, pretexting, impersonation, tailgating
Example
The social engineering attack involved the attacker posing as a technical support representative and convincing the employee to share their login credentials.
Did you know...
Read more
Social Engineering – What Is It and How to Prepare For It?
Spoofing
Definition
Spoofing is a deceptive technique used in cyberattacks where malicious actors manipulate certain aspects of communication to deceive individuals or systems. In this type of attack, perpetrators falsify information to appear as someone or something else. Spoofing can occur in various forms, such as email spoofing, IP address spoofing, or caller ID spoofing, and is commonly employed in phishing attacks, identity theft, and other fraudulent activities.
Related words
email spoofing, caller ID spoofing, flash attack, social engineering, impersonation
Example
It is essential for individuals and organizations to be cautious of spoofing attempts and employ security measures like email authentication and verification protocols to detect and mitigate spoofed communications.
![RE: (SECURE) New Title Purchase Request Please confirm receipt of title request From CISENDER FULL NAMEI@ISENDER COMPANYI.com» [SENDER COMPANY LOGO] This is a secure message. Click_here by 2023-09-27 13:45 PDT to read your message. SecureMessageAtt.html](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cd6e_e2102f7b.png)
Did you know...
Spoofing techniques often exploit vulnerabilities in communication protocols or rely on technological tools to convincingly mimic legitimate entities or sources.
Read more
10 Phishing Training Lessons For Your Employees l Domain Spoofing
Phishing 101: How Phishing Attacks and Scam Emails Work l Phishing vs Spoofing
Supply chain attack
Definition
A supply chain attack is a type of cyber attack where threat actors target the software, hardware, or services provided by third-party vendors or suppliers to gain unauthorized access, introduce malware, or compromise the integrity of the supply chain.
Related words
pretexting, security breach, social engineering, vendor impersonation
Example
The recent supply chain attack exploited a vulnerability in a widely-used software update distributed by a trusted vendor, allowing the attackers to infiltrate numerous organizations.
Did you know...
Supply chain attacks have gained prominence in recent years due to their potential for widespread impact and difficulty in detection. By 2025, 45% of organizations worldwide are expected to have experienced attacks on their software supply chains, according to Gartner.
Threat indicators
Definition
Threat indicators, also known as indicators of compromise (IOCs), are specific pieces of information or evidence that suggest the presence of malicious activity or potential cybersecurity threats. These indicators can include suspicious network traffic patterns, anomalous system behavior, malicious file hashes, IP addresses associated with known threat actors, or patterns of unauthorized access attempts. Threat indicators play a crucial role in cybersecurity defense by enabling security professionals to detect, analyze, and respond to potential threats in a timely manner.
Related words
indicators of compromise (IOCs), threat detection, security alerts
Example
The security operations center monitored various threat indicators, such as suspicious IP addresses and unusual file behavior, to proactively identify potential threats and initiate incident response measures.
Vendor impersonation
Definition
Vendor impersonation refers to a deceptive practice where malicious actors impersonate legitimate vendors or suppliers to trick individuals or organizations, exploiting the trust established between businesses and their vendors.
Related words
authority impersonation, business email compromise (BEC), caller ID spoofing, coworker impersonation, CXO fraud, email account compromise (EAC), email spoofing, impersonation, phishing, pretexting, smishing, social engineering, supply chain attack, vishing
Example
Organizations should be aware of the risks of vendor impersonation and take precautions by having the ability to verify the identity of vendors through alternative channels of contact.
Did you know...
Cybercriminals may create fake vendor websites or use compromised vendor email accounts to make their impersonation more convincing and increase the chances of success.
Vishing
Definition
A type of cyberattack that involves using voice calls to deceive victims into revealing sensitive information or performing certain actions that can compromise their security. Attackers often employ social engineering techniques to manipulate victims into believing they are speaking with a trusted source.
Related words
attack vector, business email compromise (BEC), email account compromise (EAC), phishing, pretexting, smishing, social engineering, spear phishing
Example
A malicious actor posed as a bank representative in a vishing attack, tricking the victim into revealing their account credentials over the phone.
![Heartfelt Thanks for Your Trust — Let's Make it Extraordinary!" November 29, 2023 QuickBooks Account: [RECIPIENT EMAIL] Dear Customer, A payment of Automatically renews at S469.99/year Your annual subscription for Business Essential Plan has been successfully renewed and updated. The charged amount will be reflected within 24 hours to 48 hours on your account statement. If you didn't authorize this transaction call us on now at +1 [MALICIOUS PHONE NUMBER] Customer ID VN912DG946351 Payment Mode Auto-debit Product Business Essential Plan Issues with this transaction? Status Active Valid Duration 11/2912023 to 11/28/2024 Tenure One Year 1 Subtotal: Tax: Total Amount: Amount $459.99 $459.99 $10.00 $469.99 You have 30 days from the transaction to open a dispute in the resolution center at +I[MALICIOUS PHONE NUMBER] Please do not reply to this email because we are not monitoring this Inbox](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/65fd4234f52b99d69564cdd8_b7460dd0.png)
Did you know...
Vishing calls may be from a live person trying to con you, or they may be completely automated. Some even combine the two; you'll first get a call from an automated system before a real person picks up to finish the call.
Read more
Phishing 101: How Phishing Attacks and Scam Emails Work l Phishing and Vishing
Zero trust
Definition
Zero trust refers to a cybersecurity paradigm that fundamentally questions the notion of implicit trust within networks, operating under the assumption that no user, device, or network component should be automatically trusted, regardless of their location or identity. Zero trust policies involve continuous user authentication and strict access controls, allowing access to resources only on a need-to-know basis.
Related words
attack surface, network security, user authentication
Example
Employing a zero trust strategy allows organizations to establish granular access controls and monitor the trustworthiness of users, devices, and software.
Did you know...
Read more
Top 10 cybersecurity takeaways and trends in 2022 l The rise of Zero Trust