Cybersecurity glossary: phishing edition

Hoxhunt's Cybersecurity Glossary is here to help you navigate the terminology around phishing and cybersecurity.


Advanced campaign

Definition

An advanced campaign refers to a carefully planned and executed cyberattack strategy employed by malicious actors to achieve specific objectives. Advanced campaigns often leverage extensive reconnaissance and tailored attack vectors to bypass security defenses and maximize the likelihood of success.

Related words

OSINT, reconnaissance, targeted attack

Example

The advanced campaign launched by the malicious actor successfully infiltrated the organization's network.


Threat Feed Week 16 | Meta impersonation

Read more

We've seen advanced phishing campaigns many times this year. Find more from the Threat Feed.

Advanced Persistent Threats (APTs)

Definition

Advanced Persistent Threats are well-resourced entities that consist of organized and highly skilled cybercriminals. APT groups are often nation-state actors or state-sponsored groups, and they engage in sophisticated malicious cyber activity that is highly targeted. Some APT groups are driven by political motivations. Their objectives include espionage, data theft, and network/systems disruption or destruction. APT groups are often tracked based on their tactics, techniques and procedures (TTPs).

Related words

OSINT, reconnaissance, targeted attack

Example sentence

APT12 is a threat group that has been attributed to China.

Read more

What is spear-phishing and how do you recognize it?
Social Engineering—What Is it and How to Prepare For it? | Advanced Persistent Threats

What is A Spear-Phishing Attack and How Do You Recognize It?

How to Recognize and Avoid Phishing Attacks

Adversary-in-the-middle attack (AiTM)

Also known as a man-in-the-middle attack (MitM)

Definition

An AiTM is a cyberattack in which the perpetrator intercepts communications between systems or individuals in order to spy on, tamper with, or manipulate the flow of traffic or messages.

Related words

attack surface, attack vector

Example

Hackers used adversary-in-the-middle techniques to tamper with a software update process, allowing them to inject malware into legitimate updates and compromise users' devices.

Adversary-on-the-side (AotS)

Also known as Man-on-the-side (MotS)

Definition

An AotS is a cyberattack in which the perpetrator observes the flow of communications between systems or individuals without intercepting or manipulating the original packets sent by the systems but is able to inject its own packets into the flow.

Related words

attack vector, Man-in-the-Middle, MitM

Example

When Alice requests a webpage from a server, an AotS attacker might observe the request and quickly send a malicious response to Alice before the genuine server can reply. Alice might believe the response is from the genuine server, not realizing it comes from the attacker.

Did you know...

The 2013 global surveillance revelations revealed that the US National Security Agency (NSA) widely uses a man-on-the-side attack to infect targets with malware through its QUANTUM program.

Attack surface

Definition

Attack surface refers to the sum total of all the possible points or vulnerabilities in a system, network, or application that can be targeted or exploited by attackers. It encompasses the various entry points, software components, network connections, and configurations that can be potentially compromised to gain unauthorized access or perform malicious activities.

Related words

attack vector, network security, zero trust

Example

Organizations must regularly assess their attack surface by identifying and addressing vulnerabilities, implementing robust security controls, and staying updated with patches and security updates to prevent potential exploitation by malicious actors.

Did you know...

The attack surface of a system or network can expand as new technologies, services, or features are added, increasing the potential points of vulnerability.

Attack vector

Definition

Attack vector refers to the path or method used by an attacker to gain unauthorized access, deliver malware, or carry out a cyberattack on a target system, network, or individual. Attack vectors can include various techniques such as phishing emails, social engineering, software vulnerabilities, or network exploits.

Related words

malware, phishing, social engineering, vulnerability

Example

Cybercriminals used social engineering as an attack vector by pretending to be the company's IT support and tricking employees into giving their credentials over the phone.

Did you know...

Attack vectors continue to evolve as new technologies emerge, and attackers continuously seek novel ways to exploit vulnerabilities.

Read more

Social Engineering—What Is it and How to Prepare For it? | Corporate Social Engineering Attack Scenarios
Tax phishing—Off the hook | Initial approach

Cybersecurity in a hybrid work environment | Phishing and email-based threats remain the top attack vectors

Social media phishing campaigns | Social media bad romance and pay-for-friends attacks

Emotional trigger phish—Off the hook | What makes an emotional attack vector so potent?

Authentication

Definition

Authentication is the process of verifying the identity of an individual, device, or system to ensure authorized access or usage. Authentication methods can include passwords, biometrics, security tokens, or multi-factor authentication (MFA).

Related words

access control, multi-factor authentication, zero trust

Example

The company implemented multi-factor authentication to enhance the security of user accounts and protect against unauthorized access.

Threat Feed Week 29 | Microsoft impersonation

Did you know...

Authentication is a critical component of cybersecurity, as it forms the foundation for ensuring that only authorized individuals or entities can access sensitive information or resources.

Read more

It's time to update your definition of phishing | Always use Multi-factor authentication

Threat Feed Week 21 | Microsoft QR code Security Authentication

Authority impersonation

Definition

Authority impersonation refers to a deceptive tactic used by malicious actors to pose as individuals or organizations in positions of authority or trust. A position of authority here means one whose requests the recipient cannot simply opt out of. Attackers might accomplish this by impersonating CXO-level employees of a company or government officials.

Related words

business email compromise (BEC), caller ID spoofing, CXO fraud, coworker impersonation, email account compromise (EAC), spoofing, flash attack, impersonation, pretexting, social engineering

Example

Verifying the legitimacy of requests via multiple channels of communication is one way to lower the risks related to authority impersonation.

Malicious actors create SVB-themed phishing attacks

Did you know...

To more convincingly appear as legitimate authorities, cybercriminals may sometimes employ methods like caller ID spoofing and sender email spoofing.

Read more

The origins of the most brutal phishing techniques | Authority impersonation

The 2022 US Department of Transportation phishing attack is the greatest-in-a-bad-way credential harvesting scam we've seen this year

Threat Feed Week 24 | Verohallinto impersonation

Threat Feed Week 25 | Manchester Magistrates' Court impersonation and identity theft cash settlement

Backdoor

Definition

A backdoor is a hidden or undocumented vulnerability or access point in software, systems, or networks. Backdoors are created deliberately and can be used to bypass normal security measures and gain unauthorized access or control. For example, an APT could leave backdoors in systems or networks it has accessed, allowing itself to re-enter if necessary. Backdoors can also be intentionally created by the developers of software or the manufacturers of a device. There are also cases where governments have been responsible for backdoors.

Related words

attack surface, exploit, vulnerability

Example

The cybercriminal exploited a backdoor in the software to gain access to the victim's computer and carry out illicit activities.

Did you know...

Backdoors can be intentionally created by software developers for legitimate purposes, such as remote administration, but they can also be maliciously inserted by attackers to maintain unauthorized access or control.

Read more

Copyright infringement phishing attacks | How to defend yourself and spot these copyright infringement phishing mails

Botnet

Definition

A botnet is a collection of infected computers or other devices that are managed by a central command and control server. Botnets are frequently employed for malicious purposes like DDoS attacks, malware distribution, and spam emailing.

Related words

exploit, malware

Example

The security team detected a large botnet responsible for launching massive DDoS attacks against multiple websites.

Did you know...

Thousands or even millions of infected devices can form a botnet, making them effective tools for cybercriminals to launch coordinated attacks.

Read more

Dawn of the undead king of malware, Emotet | How Emotet works

Browser-in-the-browser (BitB) attack

Definition

A browser-in-the-browser attack simulates a login window with a spoofed domain within a parent browser window, similar to a pop-up ad. The user is then tricked into entering their login credentials on a malicious website that mimics the appearance of a legitimate login interface from a trusted service.

Related words

credential theft, phishing, malicious website

Example

Unbeknownst to the unsuspecting users, the website they accessed deployed a sophisticated browser-in-the-browser attack, presenting a convincing replica of a legitimate login window for a popular email provider, ultimately harvesting their login credentials.

Did you know...

Browser-in-the-browser attacks capitalize on users' familiarity with trusted login interfaces and exploit their implicit trust in the appearance and functionality of such windows.

Read more

This '90s internet throwback is the latest hacking trend

Bulk phishing

Definition  

Bulk phishing is a type of phishing attack that involves sending out large volumes of fraudulent emails or messages to a wide range of recipients, with the aim of tricking them into revealing sensitive information or performing harmful actions. In bulk phishing, attackers often employ generic or mass-produced email templates and cast a wide net to maximize the chances of successful compromises.

Related words

widespread targeting, phishing kit

Example

Bulk phishing campaigns pose a significant threat to individuals and organizations alike, as cybercriminals leverage automation and scalability to target many potential victims simultaneously.

Read more

Weekly Threat Feed

Business email compromise (BEC)

Definition

A BEC is a form of financially motivated phishing attack where attackers exploit existing relationships between a victim and an entity by posing as a trusted source to request unauthorised transactions. In order to facilitate this scam, BEC attacks can also involve attackers engaging in further fraudulent activities such as invoice manipulation. Email account compromises are sometimes used to execute these attacks.

Related words

authority impersonation, email account compromise (EAC), flash attack, fraudulent fund transfer (FFT), invoice fraud, CXO fraud, coworker impersonation, impersonation, pretexting, social engineering, vendor impersonation

Example

The company's finance division was the target of a BEC attack, which caused the company to suffer sizable financial losses.

Behavior change and risk management case study

Did you know...

BEC is one of the most financially damaging online crimes. In 2022, the FBI's Internet Crime Complaint Center (IC3) received 21,832 BEC complaints with adjusted losses over $2.7 billion. (source)

Read more

5 Ways to Prevent Business Email Compromise Attacks

Just how much of a threat is Business Email Compromise?

Why Business Email Compromise Attack Is The King Of Cybercrime

Caller ID spoofing

Definition

Caller ID spoofing is a practice in which malicious actors falsify the information displayed on the recipient's caller ID system to mislead or deceive them about the origin of a phone call. By manipulating the calling line identification, attackers can make it appear as if the call is coming from a different number, often mimicking a trusted entity or organization.

Related words

email spoofing, domain spoofing, impersonation, social engineering

Example

It is important to exercise caution when receiving calls, especially from unfamiliar or suspicious numbers, as caller ID spoofing can be used to disguise the true identity of the caller.  

Did you know...

Caller ID spoofing can be facilitated through Voice over IP (VoIP) technology, allowing attackers to manipulate the calling information digitally.

Compromised credentials

Definition

Refers to usernames, passwords, or other authentication information that has been illicitly obtained or accessed by unauthorized individuals, typically through data breaches, phishing attacks, or other means.

Related words

stolen credentials, compromised accounts

Example

The cybersecurity team detected suspicious activity linked to compromised credentials and immediately initiated a password reset for the affected user accounts.

Did you know...

Compromised credentials are a valuable commodity for cybercriminals, as they provide unauthorized access to sensitive systems or information. Many data breaches occur due to the use of compromised credentials.

Read more

How much does phishing really cost businesses? | Where does this lead?

Consent phishing

Definition

Consent phishing is a method used by malicious actors in an attempt to trick victims into granting unauthorized access to their online data or accounts. In a consent phishing attack, the attacker sends a legitimate access request through a service hoping that the target will unwittingly agree to the request.

Related words

phishing, smishing, social engineering

Example

Employees fell for a consent phishing attack and unwittingly gave an unauthorized user access to sensitive company information stored online.

Coworker impersonation

Definition

Coworker impersonation refers to a technique where malicious actors pretend to be a colleague or coworker. Email, messaging services, or phone calls are used to impersonate a colleague and carry out the attack, in an effort to trick the target into disclosing confidential information or taking actions that are advantageous to the attacker.

Related words

business email compromise (BEC), CXO fraud, pretexting, impersonation, social engineering, spear phishing

Example

Reporting suspicious activities and following established protocols are vital in safeguarding against the risks associated with coworker impersonation.

Did you know...

Coworker impersonation attacks often rely on social engineering tactics and knowledge of internal organizational structures, including employee roles and relationships.

Read more

Threat Feed Week 18 | Coworker impersonation and changes in payroll request

Credential harvester

Definition

A credential harvester is a tool or technique used by cyber attackers to capture user credentials, often through websites designed to mimic legitimate login screens or forms.

Related words

credential theft, malicious website

Example

The cybersecurity team identified a credential harvester being hosted on a compromised website, targeting users of a popular online banking service.

Advertisers beware—how scammers are getting into your ad accounts

Did you know...

Credential harvesters are commonly used in phishing attacks, where unsuspecting users are lured into entering their credentials on fake login pages. These harvested credentials can be used for unauthorized access or sold on underground markets.

Read more

Top 5 things lurking behind forbidden phishing links

Threat Feed Week 25 | Phishing via calendar invite and Bitcoin credential harvester

Sophisticated new credential harvesting attack uses fake popups and fake Microsoft Windows OS

Everything You Wanted To Know About Malware | Credential Harvesting

Embedded Email Credential Harvesting

Social engineers targeting social media accounts

What are the top 10 costs of phishing? | 3. Credential compromises and phishing

The 2022 US Department of Transportation phishing attack is the greatest-in-a-bad-way credential harvesting scam we've seen this year

CXO fraud

Definition

CXO fraud refers to a type of cyberattack in which malicious actors impersonate high-level executives or CXOs to deceive employees or organizations into transferring funds, sharing sensitive data, or initiating unauthorized transactions.

Related words

authority impersonation, business email compromise (BEC), caller ID spoofing, coworker impersonation, email account compromise (EAC), email spoofing, impersonation, phishing, pretexting, smishing, social engineering, vendor impersonation, vishing

Example

Verifying the authenticity of requests, implementing multi-factor authentication, and promoting a culture of skepticism towards unusual or urgent requests are crucial steps in preventing financial losses and reputational damage associated with CXO fraud.

Did you know...

CXO fraud can involve careful research and social engineering tactics to mimic the communication style and knowledge of high-ranking executives, increasing the likelihood of the attack being successful.

Read more

What is phishing training? | CEO Fraud

Just how much of a threat is Business Email Compromise? | CEO Impersonation

10 Phishing Training Lessons For Your Employees | CEO Fraud

Cyber resilience

Definition

Cyber resilience is the ability of individuals, organizations, or systems to withstand, recover from, and adapt to cyber attacks, data breaches, or other security incidents, while maintaining essential functions and operations.

Related words

human risk management, incident response, security policies

Example

Building a robust cyber resilience strategy involves proactive measures such as employee training and incident response planning.

Did you know...

Cyber resilience acknowledges the need to prepare for and effectively handle security incidents in addition to trying to prevent cyber attacks. It incorporates the concepts of adaptability and resilience in the face of evolving threats.

Dark web

Definition

The dark web is a part of the internet that is intentionally hidden and inaccessible through standard search engines. The dark web is often associated with illegal activities and black market transactions, as it provides anonymity to users through encryption and specialized networks like Tor.

Related words

deep web, onion services, hidden services

Example

Law enforcement agencies collaborated to shut down a notorious dark web marketplace that facilitated the sale of stolen personal information.

Did you know...

While the dark web is known for illicit activities, it also serves as a platform for privacy-conscious individuals, whistleblowers, and journalists to communicate and share sensitive information securely.

Read more

The origins of the most brutal phishing techniques | Sextortion

Everything you need to know about ransomware | Who's behind ransomware attacks?

Data breach

Definition

A data breach is the unauthorized access, acquisition, or disclosure of sensitive and/or confidential information, such as personal data, financial records, or intellectual property, by an unauthorized third party.

Related words

customer lists, classified data, employment records, financial records, personal identifiable information (PII), privacy, protected health information (PHI), proprietary information, security breach, sensitive data, sensitive information, trade secrets

Example

The company experienced a data breach that exposed customer names, email addresses, and encrypted passwords.

Did you know...

Data breaches can result in significant financial losses, damage to reputation, and potential legal consequences for organizations that fail to adequately protect sensitive information. According to IBM, a data breach in the US in 2022 cost more than twice the global average.

Data theft

Definition

Data theft refers to the unauthorized acquisition, copying, or removal of sensitive and/or confidential information from individuals, organizations, or computer systems. In this type of cybercrime, perpetrators gain unauthorized access to data through various means, such as hacking, phishing, malware attacks, or physical theft of storage devices.

Related words

data breach, customer lists, classified data, employment records, financial records, identity theft, intellectual property theft, personal identifiable information (PII), protected health information (PHI), privacy, proprietary information, security breach, sensitive data, sensitive information, trade secrets

Example

Promoting strong password practices, employee education on data security, and implementing other security solutions are crucial steps organizations can take in safeguarding against data theft incidents.

Did you know...

The value of stolen data on the black market can vary depending on factors such as the type of information, its market demand, and the intended use by cybercriminals.

Read more

How to avoid catphishing

Denial-of-service (DoS) attack

Definition

A denial-of-service attack is a form of cyberattack that seeks to overwhelm a system, network, or service with an excessively high volume of traffic or resource requests to prevent it from being accessed by legitimate users and to disrupt its normal functioning.  

Related words

distributed denial-of-service (DDoS) attack, botnet

Example

The website was the victim of a denial of service attack, rendering it inaccessible to regular users.

Distributed denial-of-service (DDoS) attack

Definition

A distributed denial-of-service (DDoS) attack is a malicious cyber attack in which multiple compromised devices, often forming a botnet, are used to overwhelm a target system, network, or service with a massive volume of traffic or resource requests. Like a denial-of-service attack, this coordinated assault exhausts the target's resources, leading to service disruption or unavailability for legitimate users.

Related words

denial-of-service attack, botnet

Example

A DDoS attack on a government website resulted in hundreds of compromised devices flooding the network, overwhelming the servers, and resulting in a complete service blackout.

Detection and response

Definition

The process of identifying and reacting to cybersecurity incidents or threats in a timely manner. Detection involves monitoring systems, networks, and logs for signs of suspicious activities, while response involves taking appropriate actions to mitigate the impact and prevent further damage.

Related words

incident response, threat detection

Example

The organization's cybersecurity team implemented an automated detection and response system to enhance their ability to quickly identify and contain security incidents.

DomainKeys Identified Mail (DKIM)

Definition

DKIM is an email authentication method that allows senders to digitally sign their outgoing messages, providing a cryptographic verification of the email's authenticity and integrity. DKIM helps in preventing email spoofing and tampering by adding a digital signature to the email header, allowing the recipient's server to verify the message's origin and ensure it has not been modified during transit.

Related words

DMARC, email authentication, email security, email spoofing, SPF

Example

By implementing DKIM, organizations can enhance the trustworthiness of their email communications, as recipient servers can verify that the messages have not been altered along the way.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Definition

DMARC is an email authentication protocol that helps organizations protect their domains from email spoofing, phishing, and unauthorized use. DMARC combines the use of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify the authenticity of incoming email messages and provides instructions on how to handle messages that fail authentication, such as quarantining or rejecting them.

Related words

email authentication, email security, SPF, DKIM, email spoofing

Example

Implementing DMARC enables organizations to establish a defense against email-based threats by enforcing strict authentication policies, while reducing the risk of unauthorized use of their domains for malicious purposes.

Email account compromise (EAC)

Definition

Email account compromise is a cyber attack where an attacker gains unauthorized access to an individual's email account, typically through phishing or exploiting vulnerabilities. Once compromised, the attacker can monitor emails, send fraudulent messages, or access sensitive information.

Related words

business email compromise (BEC), email security, exploit, impersonation, coworker impersonation, social engineering, vendor impersonation

Example

The organization experienced an email account compromise that resulted in confidential client data being exposed.

Did you know...

Email account compromises can have severe consequences, including financial loss, reputational damage, and unauthorized access to other accounts linked to the compromised email address.

Read more

Why Business Email Compromise Attack Is The King Of Cybercrime

Email authentication

Definition

Email authentication is the process of confirming the legitimacy and integrity of an email message, to ensure it came from an authorized sender and wasn't altered while in transit. It involves setting up a variety of authentication methods and protocols to verify the sender's identity, find forged or spoofed emails, and improve overall email security.

Related words

email security, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting, and Conformance), email spoofing, MFA bypass

Example

By implementing strong email authentication mechanisms such as SPF, DKIM, and DMARC, organizations can significantly reduce the risk of email-based attacks and ensure that their email communications are more resistant to forgery, impersonation, and unauthorized manipulation.

Email security

Definition

Email security refers to the measures, protocols, and practices implemented to protect email communications from unauthorized access, data breaches, and malicious activities.

Related words

spam filtering, secure email gateways, email authentication

Example

With the increasing prevalence of cyber threats, organizations must prioritize email security in order to reduce the risk of email-based attacks like phishing or malware distribution.

Did you know...

Email is still the most popular communication channel in both personal and professional contexts, making it a highly convenient option for attackers.

Read more

How to write an email that won’t be mistaken for spam or a phishing attack | Staying of the hook

Email spoofing

Definition

Email spoofing is a technique used by malicious actors to forge or manipulate the email header information, making it appear as if the email originated from a different sender than it actually did. By altering the "From" field or other email header details, attackers can deceive recipients into believing the email is legitimate and trustworthy.  

Related words

caller ID spoofing, email authentication, flash attack

Example

Implementing email authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) can help detect and prevent sender email spoofing attempts, ensuring that emails can be verified and trusted. Additionally, individuals should remain vigilant when receiving emails, carefully scrutinizing sender details and being cautious of unexpected or suspicious requests.
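The SPF, DKIM and DMARC checks described in the two entries above only stop spoofing when they are tied together by DMARC alignment: it is not enough that some domain passed SPF or DKIM, the authenticated domain must match the domain the recipient sees in the From header. The Python script below is an added example, not code from Hoxhunt's page; it evaluates that alignment from the Authentication-Results header a receiving mail server adds. Both messages are constructed for the example, and the organizational-domain logic is a stated simplification (a real implementation consults the Public Suffix List).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Both messages are constructed for this example, not real captures.
# In SPOOFED the display name and visible From: domain impersonate a bank,
# while SPF and DKIM authenticate an unrelated domain the attacker controls.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net
From: "Bank Security Team" <alerts@bank.example.com>
To: victim@example.org
Subject: Card Security Alert

Please verify your card at the link below.
"""

# In LEGITIMATE the authenticated domains belong to the From: domain.
LEGITIMATE = """\
Return-Path: <bounce@notify.bank.example.com>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=notify.bank.example.com;
 dkim=pass header.d=bank.example.com
From: "Bank Security Team" <alerts@bank.example.com>
To: customer@example.org
Subject: Your monthly statement

Your statement is ready.
"""


def org_domain(domain):
    """Collapse a domain to its organizational domain for DMARC relaxed
    alignment. Simplification (assumption): take the last two labels. A real
    implementation must use the Public Suffix List (co.uk and similar)."""
    labels = domain.lower().strip().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _field(auth_results, key):
    """Pull e.g. spf=pass or header.d=example.com out of an
    Authentication-Results value (folded continuation lines are fine)."""
    m = re.search(re.escape(key) + r"=([^\s;]+)", auth_results or "")
    return m.group(1).lower() if m else None


def evaluate_dmarc(raw_message, strict=False):
    """DMARC-style verdict for one message, based on the receiving MTA's
    Authentication-Results header. strict=True requires an exact domain match."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    envelope_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    ar = msg.get("Authentication-Results", "")

    spf_result = _field(ar, "spf")
    spf_domain = _field(ar, "smtp.mailfrom") or envelope_domain
    dkim_result = _field(ar, "dkim")
    dkim_domain = _field(ar, "header.d")

    def aligned(candidate):
        if not candidate or not from_domain:
            return False
        if strict:
            return candidate == from_domain
        return org_domain(candidate) == org_domain(from_domain)

    spf_ok = spf_result == "pass" and aligned(spf_domain)
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain)
    return {
        "from_domain": from_domain,
        "spf_domain": spf_domain,
        "dkim_domain": dkim_domain,
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc_pass": spf_ok or dkim_ok,   # DMARC passes if either aligned check passes
    }


if __name__ == "__main__":
    for label, raw in (("SPOOFED", SPOOFED), ("LEGITIMATE", LEGITIMATE)):
        verdict = evaluate_dmarc(raw)
        print(label, "-> DMARC", "pass" if verdict["dmarc_pass"] else "FAIL", verdict)
```

Only trust an Authentication-Results header that your own mail server added: an attacker can include a forged one in the message, so the receiving MTA must strip any pre-existing Authentication-Results headers before stamping its own.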

Did you know...

An attacker can put the legitimate sender's exact domain in the From header, not just a lookalike. Unless that domain publishes an enforcing DMARC policy (p=quarantine or p=reject) and the receiving server honors it, such a message can reach the inbox looking entirely authentic.

Read more

What's the difference between spear-phishing and regular phishing? | Spear attacks usually are spoofed emails

10 Phishing Training Lessons For Your Employees | 2. Spear Phishing

It's time to update your definition of phishing | Email spoofing

Email thread hijacking

Definition

Email thread hijacking refers to a tactic in which an attacker gains unauthorized access to an ongoing email conversation between multiple individuals. By intercepting or compromising one or more email accounts involved in the thread, the attacker can impersonate legitimate participants or inject malicious links or attachments.

Related words

email account compromise (EAC), business email compromise (BEC), pretexting, social engineering

Example

When participating in email threads, individuals should proceed with caution and keep an eye out for any indications of suspicious activity, such as sudden changes in email content.

Did you know...

In business or professional settings, email thread hijacking can be especially effective as it may give attackers access to sensitive data.

Read more

On the infamous email at the center of the Equifax breach that went to 486 people

Exploit

Definition

An exploit refers to a piece of code, software, or technique used by attackers to take advantage of vulnerabilities or weaknesses in a system, application, or network. Exploits can allow attackers to gain unauthorized access, execute malicious actions, or bypass security controls. Typically crafted to target specific vulnerabilities, exploits can be deployed through various means, such as malicious websites, email attachments, or network-based attacks.

Related words

attack surface, payload, vulnerability

Example

Cybercriminals actively search for and exploit vulnerabilities in software to compromise systems and steal sensitive information.

Vulnerability reported and fixed: Attachment filetype denylist bypass in Foxit PDF clients | Watch the exploit

Did you know...

Exploits are often traded on the dark web, creating a market for buying and selling weaponized code.

Read more

Everything You Wanted To Know About Malware | Malicious website infection

Log4j Log4shell vulnerability explained: Just when you thought it was safe to go on winter holiday

Vulnerability reported and fixed: Arbitrary file execution in Foxit PDF clients

Fake invoice

Definition

A fraudulent invoice or bill sent to individuals or organizations, typically via email, with the intention of tricking them into making payments to the attacker's account. Fake invoices often mimic legitimate invoices from trusted vendors or service providers.

Related words

invoice fraud, invoice phishing

Example

The finance department received a fake invoice that closely resembled a legitimate vendor's billing, highlighting the importance of verifying payment requests.

Invoice payment overdue: “Reminder - Invoice Payment Due 80 Days Ago”
Threat feed 48 | Invoice

Did you know...

Between 2013 and 2015, a con artist sent fake bills to Facebook and Google, defrauding the companies out of more than $120 million.

Read more

Beware of the fake invoice | Breakdown of a fake invoice
Uh oh! Do you owe? When invoices strike back
Threat feed 15 | Electricity Invoice
Threat feed 26 | Unpaid Invoice
Threat feed 44 | Payment reminder

Fake notification

Definition

A deceptive email or SMS message designed to appear as an official notification from a reputable organization or service provider, aiming to trick recipients into taking action, such as clicking on malicious links, downloading malware, or providing sensitive information.

Related words

consent phishing, phishing, smishing

Example

The employees were warned about the risks of fake notifications claiming to be from the company's IT department, urging them to update their login credentials.

Threat feed | Tinder notification

Did you know...

Fake notifications often exploit individuals' curiosity or concern about important updates or account security, prompting them to take immediate action without carefully verifying the authenticity of the message.

Read more

Threat feed | Facebook notification
Threat feed | Adobe Acrobat notification
Threat Feed 19 | Docusign

Flash attack

Definition

A flash attack is a type of phishing attack that relies on deceptive domain names. Attackers typically add characters to or remove them from a legitimate domain name (e.g., hoxhuntt.com or hoxhnt.com), substitute characters (e.g., hoxhvnt.com), or use an alternative domain extension (e.g., hoxhunt.biz or hoxhunt.co). These variations aim to make the domain look legitimate, in the hope that the user won't notice the difference. Flash attack domains are usually registered in bulk and taken down quickly after discovery.
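The variants listed in the definition (omission, duplication, substitution, alternative extension) are mechanical, which means they can be enumerated and checked automatically. The Python example below is added here and is not Hoxhunt's code: given a protected domain it generates those lookalikes and classifies the sender domain of an incoming mail. The confusable-character table and the edit-distance threshold are my own choices for the example, not a standard.

```python
# Characters that read like another character in common fonts (assumption:
# a small hand-picked table; production tools use far larger confusable lists).
CONFUSABLES = {
    "o": ["0"], "0": ["o"],
    "l": ["1", "i"], "i": ["1", "l"], "1": ["l", "i"],
    "u": ["v"], "v": ["u"],
    "m": ["rn"], "w": ["vv"],
}

# Alternative extensions attackers commonly register (assumption for the example).
ALT_TLDS = ("biz", "co", "net", "org", "info")


def lookalike_variants(domain, extra_tlds=ALT_TLDS):
    """Enumerate flash-attack style variants of a legitimate domain."""
    domain = domain.lower()
    name, _, tld = domain.rpartition(".")
    variants = set()
    for i in range(len(name)):
        variants.add(f"{name[:i]}{name[i + 1:]}.{tld}")                 # omission: hoxhnt.com
        variants.add(f"{name[:i + 1]}{name[i]}{name[i + 1:]}.{tld}")    # duplication: hoxhuntt.com
        for sub in CONFUSABLES.get(name[i], []):
            variants.add(f"{name[:i]}{sub}{name[i + 1:]}.{tld}")        # substitution: hoxhvnt.com
    for i in range(len(name) - 1):
        variants.add(f"{name[:i]}{name[i + 1]}{name[i]}{name[i + 2:]}.{tld}")  # transposition
    for alt in extra_tlds:
        variants.add(f"{name}.{alt}")                                   # extension swap: hoxhunt.biz
    variants.discard(domain)
    return variants


def edit_distance(a, b):
    """Levenshtein distance, for lookalikes the variant generator did not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender_domain(sender_domain, protected_domain, max_distance=2):
    """Classify the domain of an incoming sender against a brand domain."""
    sender_domain = sender_domain.lower().strip(".")
    protected_domain = protected_domain.lower()
    if sender_domain == protected_domain:
        return "exact"
    if sender_domain in lookalike_variants(protected_domain):
        return "lookalike"
    if edit_distance(sender_domain, protected_domain) <= max_distance:
        return "suspiciously-close"
    return "unrelated"


if __name__ == "__main__":
    for candidate in ("hoxhunt.com", "hoxhuntt.com", "hoxhnt.com", "hoxhvnt.com",
                      "hoxhunt.biz", "hoxhumt.com", "github.com"):
        print(f"{candidate:15} -> {classify_sender_domain(candidate, 'hoxhunt.com')}")
```

The generated list is also what defensive registration and certificate-transparency or passive-DNS monitoring are fed with: watch for these names being registered, not only for mail arriving from them.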

Example

Several employees fell victim to a flash attack when they received an email that originated from a domain name closely resembling their company's official website.

Did you know...

The name refers to how short-lived the deceptive domains are: they are registered in bulk, used briefly, and taken down soon after they are discovered.

Read more

Threat feed 26 | suomi.fi
Threat feed 26 | Company impersonations
Threat feed 16 | Booking.com
Threat feed 33 | DocuSign

Financial institution impersonation

Definition

A financial institution impersonation is a phishing attack that specifically targets online banking customers. The malicious actor seeks to trick victims into divulging their banking credentials, account information, or other sensitive data through emails, text messages, or fake banking websites.

Related words

fake invoice scam, social engineering, service impersonation  

Example

Customers of one of the largest banks in the country are the target of a fresh round of financial institution impersonation attacks that have been carefully designed to mimic the layout and format of the bank’s official messaging.

OTP Bank impersonation: “Card Security Alert!” (Romanian original: “Alertă de securitate pentru card!”)
Threat feed 44 | OTP Bank

Did you know...

Financial institution impersonation attacks often exploit individuals' concerns about their finances and use urgency or fear tactics to prompt immediate action.

Read more

Threat feed 44 | OP Financial Group
Funds transfer phishing attacks work better with a crisis
Top 3 Banking Phish of Winter 2021

Fraudulent fund transfer (FFT)

Definition

A fraudulent fund transfer refers to an unauthorized or deceitful transaction where cybercriminals manipulate individuals or systems to transfer funds to their own accounts or other illegitimate destinations. This type of cyberattack often involves exploiting vulnerabilities in financial systems, social engineering techniques, or the use of compromised credentials to initiate the transfer.

Related words

financial fraud, invoice fraud, wire transfer fraud, unauthorized transactions

Example

The company fell victim to a fraudulent fund transfer scheme, resulting in a significant financial loss.

Read more

Funds transfer phishing attacks work better with a crisis
Pretexting is a simple and effective phishing attack without links | What happens when you respond to a pretext?

Sample reply from a pretexting attacker: “Hello, Thank you for your prompt reply. Here is the bank information to complete the transfer: (BANK DETAILS / ACCOUNT NUMBER) Type of transfer: Express transfer Amount/ currency: EUR Reference: XXXX We will pay all the costs associated with the transfer. Note that the operation is confidential until formal notification.”
Big money spear phish campaign on the loose | Close call

Gamification

Definition

The application of game elements and mechanics, such as competition, rewards, and challenges, in non-gaming contexts to engage and motivate individuals to achieve specific goals.

Related words

engagement strategies, user engagement

Example

The company implemented a gamification program to encourage employees to actively participate in cybersecurity training modules and improve their security awareness.

Did you know...

Gamification has proven to be an effective strategy for enhancing user engagement and motivation in various fields, including cybersecurity training. By introducing elements of competition and rewards, individuals are more likely to actively participate and retain knowledge.

Read more

Gamification in security awareness training
Gamification in the workplace
Gamified Learning

HOPS

Definition

In email delivery, a hop is the transfer of a message from one mail server to the next on its way to the recipient. Each mail transfer agent (MTA) that handles the message prepends a Received header, so the number of hops and the route taken can be reconstructed from the message headers. The hop count depends on the routing path and on how many intermediate servers (relays, filtering gateways, forwarding mailboxes) handle the message.

Related words

email routing, mail server, network node, email header, email delivery, intermediate server, email security, message transmission, mail transfer agents (MTAs)

Example

Before arriving at its intended recipient, the email message made several HOPS through a number of mail servers.
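Because every MTA prepends its own Received header, the hop count and the route can be read straight out of the headers. The Python example below is added here and is not from Hoxhunt; the three-hop message it parses is constructed with documentation IP addresses. It also checks that each hop's receiving host is the next hop's sending host, which is a simple way to spot a forged or rewritten Received header, and measures how long the message spent in transit.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture). Received: headers are prepended by
# each MTA, so the topmost header is the final hop and the bottom one the first.
SAMPLE_MESSAGE = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.20])
 by mailbox.example.org with ESMTP id abc123;
 Mon, 5 Jun 2023 10:01:12 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx2.example.org with ESMTPS id def456;
 Mon, 5 Jun 2023 10:01:10 +0000
Received: from localhost (unknown [203.0.113.9])
 by relay.example.net with ESMTPA id ghi789;
 Mon, 5 Jun 2023 10:00:40 +0000
From: sender@example.net
To: victim@example.org
Subject: Hello

body
"""

HOP_RE = re.compile(r"\bfrom\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw_message):
    """Return the hops in delivery order (first MTA first)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())          # undo RFC 5322 header folding
        m = HOP_RE.search(unfolded)
        ip = IP_RE.search(unfolded)
        timestamp = None
        if ";" in unfolded:                          # the date follows the last ';'
            try:
                timestamp = parsedate_to_datetime(unfolded.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                timestamp = None
        hops.append({
            "from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "ip": ip.group(1) if ip else None,
            "timestamp": timestamp,
        })
    return hops


def chain_is_consistent(hops):
    """Each hop's 'by' host should be the next hop's 'from' host. A break in
    the chain means a Received: header was forged or rewritten."""
    return all(a["by"] == b["from"] for a, b in zip(hops, hops[1:]))


def transit_seconds(hops):
    """Seconds between the first and the last hop, if both carry timestamps."""
    stamped = [h["timestamp"] for h in hops if h["timestamp"] is not None]
    if len(stamped) < 2:
        return None
    return int((stamped[-1] - stamped[0]).total_seconds())


if __name__ == "__main__":
    hops = parse_hops(SAMPLE_MESSAGE)
    print(f"{len(hops)} hops, chain consistent: {chain_is_consistent(hops)}, "
          f"transit: {transit_seconds(hops)} s")
    for h in hops:
        print(f"  {h['from']} ({h['ip']}) -> {h['by']} at {h['timestamp']}")
```

Only the Received header added by your own mail server is trustworthy; everything below it was supplied by the sending side and can be fabricated, which is exactly why the chain check is worth running.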

Human risk management

Definition

Human risk management is the process of determining, assessing, and mitigating cyber and information security risks caused by employee behavior and actions within a company.

Related words

cybersecurity, risk mitigation, employee training, security policies

Example

To reduce the possibility of human error resulting in security incidents, effective human risk management requires the implementation of training programs that drive behavior change and measurably lower risk.

Did you know...

According to a 2022 Gartner survey, 69% of employees had neglected their organization's cybersecurity advice in the previous year. Meanwhile, 74% of workers said they would be ready to disregard their company's cybersecurity guidelines if it enabled them or their team to accomplish a business objective.

Read more

Hoxhunt Human Risk Management Platform

Human error

Definition

Human error, within the context of cybersecurity, refers to unintentional actions or mistakes made by individuals that result in security vulnerabilities, data breaches, or other cybersecurity incidents. It can include actions such as clicking on malicious links, falling for phishing scams, misconfiguring security settings, or inadvertently disclosing sensitive information.

Related words

cybersecurity, data breach, human risk management, security incident

Example

Organizations should prioritize cybersecurity training and human risk management programs to mitigate the risk of human error.

Did you know...

Research has shown that human error is the leading cause of cybersecurity incidents, contributing to a large share of data breaches and other security incidents worldwide. According to Verizon, 74% of breaches involve the human element, ranging from the use of stolen credentials to social engineering.

Read more

How human error impacts human risk in cybersecurity?

What you should do to reduce human risk

What is behavioural cybersecurity?

Hoxhunt Human Risk Management Platform

Impersonation

Definition

The act of pretending to be another person, organization, or entity with the intent to deceive or gain unauthorized access to information, resources, or privileges. Impersonation is commonly used in social engineering attacks and phishing campaigns.

Related words

authority impersonation, business email compromise (BEC), caller ID spoofing, CXO fraud, coworker impersonation, email account compromise (EAC), email spoofing, flash attack, pretexting, social engineering

Example

The attacker successfully gained access to the corporate network by impersonating a high-ranking executive and requesting privileged information from an unsuspecting employee.

Threat feed 50 | Netflix impersonation

Did you know...

Impersonation attacks can be highly convincing, as attackers often gather detailed information about their targets and employ psychological manipulation to deceive others.

Read more

A true story about impersonation and smishing threats

Top 4 Official Authority Impersonation Phishing Attacks of 2021

Insider threat

Definition

A security risk or threat posed by individuals within an organization who have authorized access to sensitive information, systems, or resources but misuse or abuse their privileges for malicious purposes.

Related words

data breach, human risk management, malicious actor, zero trust

Example

The organization implemented user activity monitoring and access controls to mitigate the risk of insider threats and protect against data breaches.

Macros

Definition

Macros, in office applications such as word processors, spreadsheets, and email clients, are stored sequences of commands that automate repetitive tasks (in Microsoft Office they are written in VBA). Users create macros to streamline their work, save time, and increase efficiency. The same capability can be abused: a malicious macro embedded in a document executes unauthorized actions or launches harmful code as soon as the user enables it.
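A macro-enabled Office file is a zip container whose VBA code lives in a vbaProject.bin part, so an attachment can be checked for macros without opening it in Office and without trusting its extension. The Python check below is an added example, not Hoxhunt's code. The sample documents it builds are constructed minimal zips carrying only the relevant parts, not real Word files; the part names and content types it looks for are the ones the OOXML format actually uses.

```python
import io
import zipfile

# Where OOXML stores VBA for Word, Excel and PowerPoint files.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that openly declare macro content.
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}
# Content-type markers that declare a macro-enabled document or a VBA part.
CT_MACRO_MARKERS = ("macroEnabled", "application/vnd.ms-office.vbaProject")


def inspect_ooxml_attachment(filename, data):
    """Look inside an OOXML (zip) attachment for VBA instead of trusting its extension."""
    no_macros = {"ooxml": False, "has_macros": False, "extension_mismatch": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {**no_macros, "reason": "not a zip container"}
    names = set(archive.namelist())
    if "[Content_Types].xml" not in names:
        return {**no_macros, "reason": "no [Content_Types].xml, not OOXML"}
    content_types = archive.read("[Content_Types].xml").decode("utf-8", "replace")

    has_vba_part = any(p in names for p in VBA_PARTS) or any(
        n.lower().endswith("vbaproject.bin") for n in names)
    declared_macro = any(marker in content_types for marker in CT_MACRO_MARKERS)
    has_macros = has_vba_part or declared_macro
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {
        "ooxml": True,
        "has_macros": has_macros,
        # VBA inside a file whose extension does not declare macros is a
        # sign of filter evasion: a gateway that only denylists .docm misses it.
        "extension_mismatch": has_macros and ext not in MACRO_EXTENSIONS,
        "reason": ("vbaProject.bin present" if has_vba_part
                   else "macro content type declared" if declared_macro
                   else "no VBA found"),
    }


def build_sample_document(with_macros):
    """Construct a minimal OOXML-shaped zip for the example. It is not a valid
    Word document, only enough structure for the check above to exercise."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = ('<?xml version="1.0" encoding="UTF-8"?>'
                 '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">')
        if with_macros:
            types += ('<Override PartName="/word/document.xml" '
                      'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
                      '<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
        else:
            types += ('<Override PartName="/word/document.xml" ContentType='
                      '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        types += "</Types>"
        z.writestr("[Content_Types].xml", types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes only: a real part is an OLE compound file
            # (its header starts with D0 CF 11 E0 A1 B1 1A E1).
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for name, macros in (("invoice.docm", True), ("invoice.docx", True), ("invoice.docx", False)):
        print(name, inspect_ooxml_attachment(name, build_sample_document(macros)))
    print("notes.txt", inspect_ooxml_attachment("notes.txt", b"plain text, not a zip"))
```

The legacy binary formats (.doc, .xls) are OLE compound files rather than zips and need a different parser; this check is for the OOXML family only.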

Related words

malware, exploit

Example

The email attachment contained a document with hidden macros, which, when enabled, executed malicious code and compromised the user's computer. By contrast, a legitimate spreadsheet macro automated complex calculations and simplified the user's data analysis.

Did you know...

While macros are valuable tools for automating tasks in various applications, their potential for misuse and security risks highlights the importance of exercising caution and implementing proper security measures when dealing with macro-enabled files.

Read more

Malicious macros in Excel
How drive-by download malware works | Macros

Malicious actor

Definition

An individual or entity that engages in deliberate activities in the digital realm with the aim to cause harm to an individual or organization in the form of a security breach.

Related words

adversary, insider threat, threat actor

Example

The cybersecurity team detected the presence of a malicious actor attempting to breach the company's network and promptly implemented countermeasures to mitigate the threat.

Did you know...

The term malicious actor is a catch-all term in the cybersecurity industry for people or organizations carrying out malicious activities. The term "bad actor" or "threat actor" may also be used to describe them.

Read more

Examples of how malicious actors work
Malicious actors personalize their attacks

Malicious email

Definition

An electronic message that has been purposefully created and distributed with malicious intent is referred to as a malicious email. These emails frequently include deceptive content, false claims, malicious links, or harmful attachments that aim to compromise the recipient's system, steal sensitive information, or spread malware.

Related words

attack vector, phishing, pretexting, malicious link, malicious email attachment, social engineering

Example

Users should exercise caution and be vigilant in identifying and avoiding malicious emails, as they can pose significant risks if opened or interacted with.

Meta Support impersonation: “Urgent: Notice of Violation of Community Standards on Your Facebook Profile”
Threat feed 47 | Meta

Did you know...

Many malicious emails use some type of social engineering to trick the recipient into taking a specific action by playing on their emotions or sense of urgency.  

Read more

Weekly threat feed examples
How Malicious emails are created
Cost of malicious emails

Malicious email attachment

Definition

A malicious attachment refers to a file or document included in an email, message, link, or download. These attachments often adopt disguises such as seemingly important documents, invoices, or advertisements, aiming to deceive users. The primary objectives behind malicious attachments include stealing sensitive information like passwords or credit card details through phishing techniques, as well as gaining unauthorized access to the victim's computer and the data stored on it.

Related words

attack vector, payload, malicious link

Example

John received an email that appeared to be from a reputable company, but upon closer inspection, he noticed a malicious attachment—a fake invoice document.

Did you know...

Commonly trusted file types like PDFs and Microsoft Office documents are frequently used by cybercriminals as malicious attachments, with HTML attachments being an especially popular choice.

Read more

Attachments in Phishing 101
Attachments in Phishing 102
Password protected attachments scam
Downloading malicious attachments
Links and attachments
Threat feed 50 | WeTransfer

Malicious link

Definition

A malicious link refers to a hyperlink or URL intentionally designed to direct users to websites or web pages that host harmful or malicious content. These links are often disguised or embedded within emails, messages, or websites with the aim of tricking users into clicking on them, leading to various security risks such as phishing attempts, malware infection, or unauthorized access to sensitive information.

Related words

attack vector, payload, malicious attachment

Example

It is crucial to exercise caution and avoid clicking on suspicious or unknown links to prevent falling victim to a malicious link that could compromise your device's security.

DHL impersonation
Threat feed 50 | DHL

Did you know...

Cybercriminals sometimes use URL shortening services or spoofing to mask malicious links, making it more challenging for users to detect potential threats.

Read more

Links and attachments
Spear phishing prevention

Malware

Definition

Malware, short for malicious software, refers to any software or code designed with malicious intent to disrupt, damage, or gain unauthorized access to computer systems, networks, or devices.

Related words

exploit, attack surface, email security, malicious link, malicious attachment

Example

The cybersecurity team employed advanced endpoint protection solutions and regular system scans to proactively detect and mitigate the risk of malware infections.

Read more

Everything You Wanted To Know About Malware
A phish named malware: Email verification scam
A Bug in G Suite Lets Attackers Spread Malware on Your Computer
10 security awareness topics for your employees | Malware

Multi-factor authentication (MFA) bypass

Definition

The act of circumventing or bypassing MFA mechanisms, which are designed to provide an additional layer of security by requiring users to provide multiple forms of identification or verification.

Related words

email authentication, email security, social engineering, phishing, smishing

Example

The sophisticated attack exploited a vulnerability in the MFA system, allowing the attacker to bypass the authentication process and gain unauthorized access to the victim's account.

Did you know...

MFA bypass techniques can range from exploiting vulnerabilities in the implementation of MFA to social engineering methods targeting the user or the MFA provider.

Read more

How hackers bypass multi-factor authentication
Fake USPS package notifications harvest your MFA tokens
AI can help bypass multi-factor authentication
Always use Multi-factor authentication
5 ways attackers can bypass two-factor authentication

Threat feed 22 | Fake MFA notification

Multi-factor authentication (MFA) tokens

Definition

Physical or digital devices that generate one-time passwords or authentication codes for multi-factor authentication. MFA tokens provide an additional layer of security by requiring users to possess the token in addition to their password for authentication. The term can also be used to describe the strings generated by the devices or applications.

Related words

authentication tokens, OTP tokens, security tokens

Example

The employees were issued MFA tokens to enhance the security of their remote access to the company's network.

Did you know...

MFA tokens can take the form of hardware devices, such as key fobs or smart cards, or software applications installed on smartphones or other electronic devices. Time-based tokens derive each code from a shared secret and the current time, so the authentication server can compute the same code independently; a code is valid only for a short window (typically 30 seconds) and should be accepted only once. Note that this does not stop an attacker who phishes the code and relays it within that window, which is exactly what the fake notification attack linked below does.
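The codes such tokens produce are usually TOTP (RFC 6238): an HMAC over a shared secret and the current 30-second time step, truncated to a six-digit number. The Python implementation below is an added example, not code from Hoxhunt, and uses the secret from the published RFC test vectors so the expected codes can be checked. The verifier class shows the two server-side details that matter: a small window to tolerate clock drift, and a replay guard so that an accepted code cannot be used a second time.

```python
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# Used here only because its expected codes are published; a real secret is
# random, per user, and known only to the server and the token.
RFC_TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: dynamic truncation of HMAC(secret, counter) to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time=None, step=STEP_SECONDS, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits, digestmod)


class TotpVerifier:
    """Server-side check with clock-drift tolerance and replay protection."""

    def __init__(self, secret, window=1, step=STEP_SECONDS, digits=6):
        self.secret, self.window, self.step, self.digits = secret, window, step, digits
        self.last_accepted_counter = -1   # highest time step already consumed

    def verify(self, code, at_time=None):
        if not isinstance(code, str) or not code.isascii():
            return False
        if at_time is None:
            at_time = time.time()
        now = int(at_time) // self.step
        for drift in range(-self.window, self.window + 1):
            counter = now + drift
            if counter <= self.last_accepted_counter:
                continue   # this step was already used: a replayed code is rejected
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), code):
                self.last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_TEST_SECRET, 0))          # RFC 4226 vector: 755224
    print("TOTP at T=59 :", totp(RFC_TEST_SECRET, 59, digits=8))  # RFC 6238 vector: 94287082
    server = TotpVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET)
    print("first use accepted:", server.verify(code))
    print("replay accepted   :", server.verify(code))
```

The replay guard is why a stolen code is only useful for seconds, but it also shows the limit of the scheme: a code phished and relayed within its window is indistinguishable from the real user typing it. Only origin-bound factors such as FIDO2 security keys close that gap.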

Read more

Fake USPS package notifications harvest your MFA tokens

MITRE attack framework

Definition

The MITRE ATT&CK framework is a publicly accessible, regularly updated knowledge base of adversary tactics, techniques, and procedures observed in real-world attacks, organized by the goals an attacker pursues during an intrusion.

Related words

threat intelligence, incident response, threat hunting

Example

By matching their defenses with actual attack methods, security teams can use the MITRE ATT&CK framework to improve their threat detection and response.

Did you know...

Organizations, governments, and cybersecurity specialists frequently use the MITRE ATT&CK framework as a tool for understanding and defending against cyberthreats.  

Read more

MITRE ATT&CK® Framework

Notification hijack

Definition

Notification hijacking is a technique in which attackers abuse a legitimate service's own notification features (share requests, access requests, payment requests) to deliver their message. Because the email is sent by the real service's infrastructure, it passes the sender checks that would flag a forged one, and the attacker fills the free-text field with the lure to deceive the victim into performing an action or disclosing sensitive information. For instance, an attacker could use a legitimate service's fund transfer request function and use the message field to fabricate a justification for the unauthorized transfer request.

Related words

social engineering, consent phishing

Example

Through a notification hijack, the attacker tricked the victim into clicking on a dangerous link and unintentionally downloading malware.

Screenshot of a Google Sheets access request used as the lure: “Share a spreadsheet? [SENDER NAME] ([SENDER EMAIL]) is requesting access to the following spreadsheet: 24 Complete Plan. [SENDER NAME] is outside your organisation. Open sharing settings”
Threat feed 24 | Google Sheets notification hijack

Read more

Threat feed 20 | Sogolytics email notification hijack

Open redirect

Definition

A weakness in a web application that lets an attacker send users to an arbitrary external URL by way of the trusted site, typically because a redirect endpoint takes its destination from a request parameter without validating it. A link that contains such a redirect appears to lead to a reputable service's website, but that site is only a stopover on the way to the malicious one.
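The vulnerable pattern is a redirect endpoint that sends the browser wherever a query parameter says. The Python example below is added here (not Hoxhunt's code) and shows the weak handler next to a hardened one; APP_ORIGIN and the /redirect?next= parameter name are hypothetical. It covers the bypasses practitioners test first: scheme-relative //host, backslashes that browsers normalize to slashes, javascript: URLs, and leading whitespace that browsers strip before parsing.

```python
from urllib.parse import parse_qs, urljoin, urlparse

# Hypothetical application origin and endpoint used for the example.
APP_ORIGIN = "https://app.example.com"
SAFE_DEFAULT = "/"


def redirect_target_vulnerable(next_param):
    """The weak version: trusts the 'next' parameter wholesale, so
    /redirect?next=https://evil.example/login sends the user to the attacker
    from a link that starts with the trusted domain."""
    return next_param or SAFE_DEFAULT


def redirect_target_safe(next_param, default=SAFE_DEFAULT):
    """Hardened version: accept only an absolute path on this site."""
    if not next_param:
        return default
    # Browsers strip some control characters before parsing (e.g. "java\tscript:"),
    # and leading whitespace hides a "//host" prefix from naive checks.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in next_param):
        return default
    # Exactly one leading slash. "//host" is scheme-relative, and browsers treat
    # "\" like "/" in http(s) URLs, so "/\host" and "\\host" also leave the site.
    if next_param[0] != "/" or next_param[1:2] in ("/", "\\"):
        return default
    parsed = urlparse(next_param)
    if parsed.scheme or parsed.netloc:
        return default
    # Belt and braces: resolving against our origin must stay on our host.
    if urlparse(urljoin(APP_ORIGIN, next_param)).netloc != urlparse(APP_ORIGIN).netloc:
        return default
    return next_param


def resolve_click(url, handler):
    """Simulate a user clicking a link to the /redirect endpoint and the
    application answering with the Location it would send back."""
    params = parse_qs(urlparse(url).query)
    return handler(params.get("next", [""])[0])


if __name__ == "__main__":
    phishing_link = f"{APP_ORIGIN}/redirect?next=https://evil.example/login"
    print("vulnerable ->", resolve_click(phishing_link, redirect_target_vulnerable))
    print("hardened   ->", resolve_click(phishing_link, redirect_target_safe))
    for probe in ("/dashboard?tab=1#top", "//evil.example/login", "https://evil.example/",
                  "javascript:alert(1)", "\\\\evil.example", "/\\evil.example", " //evil.example"):
        print(f"{probe!r:28} -> {redirect_target_safe(probe)!r}")
```

If the application genuinely needs to redirect off-site (an OAuth flow, a partner portal), the destination should be looked up from a server-side allowlist by key rather than passed as a URL, which removes the attacker's ability to choose the target at all.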

Related words

email security, malicious link

Example

The website's open redirect vulnerability was exploited by an attacker, leading unsuspecting users to a fake login page containing a credential harvester.

Screenshot of a SharePoint-style sharing notification used as the lure: “A file was shared with you. Here's the file "Accounts Payable. RSE TKSE" shared with you. Transmittal No. KPC-RSE-FTTS-L-423 (pdf)”
Threat feed 36 | Sharepoint

Did you know...

Open redirects let attackers mask malicious URLs behind a legitimate domain, but that domain frequently has nothing to do with the email's subject, which should raise alarm bells. The real destination is often visible in the link's query string if you read the full URL before clicking.

Read more

Open Redirects - Weaponizing Trust Built by Legitimate Companies

Threat feed 34 | DocuSign

Open-source intelligence (OSINT)

Definition

OSINT refers to the collection, analysis, and use of publicly available information from a variety of sources to gather intelligence or insights. It encompasses data obtained from online platforms, social media, news articles, public records, websites, and other publicly accessible sources.

Related words

social engineering, pretexting, threat intelligence

Example

The intelligence agency utilized OSINT techniques to monitor social media platforms and extract valuable insights that contributed to their ongoing investigations.

Read more

What is OSINT
How OSINT is Used Against Your Employees
10 Phishing Training Lessons For Your Employees | Spear phishing

Payload

Definition

In the context of a cyber attack, the payload refers to the component of the attack through which the malicious actor attempts to compromise the integrity of the victim's system or data. Payloads can range from malware to malicious attachments or links.  

Related words

attack vector, credential harvester, malicious link, pretexting, exploit

Example

Cybersecurity experts advise users to avoid clicking on suspicious links, as a link can deliver the payload that compromises the victim's system, steals their data, or installs malware on their device.

Did you know...

Payloads can vary in their functionality and objectives, ranging from data theft to system disruption.

Read more

Payloads in tax phishing
Weekly threat feed examples
Logo kits upgrade phishing attacks | The payload

Personally identifiable information (PII)

Definition

Personally identifiable information (PII) refers to any data that can be used to identify, locate, or contact an individual. It includes sensitive identifiers that, if compromised, can lead to identity theft, fraud, or privacy breaches.

Related words

data privacy, data protection

Example

It is crucial for organizations to implement robust security measures to protect personally identifiable information (PII) such as Social Security numbers, driver's license numbers, and credit card information from unauthorized access or disclosure.

Did you know...

Personally identifiable information (PII) has a significant market value on the dark web. Cybercriminals often target PII because it can be monetized directly or used for identity theft.

Read more

How harvesting PII works

Phishing

Definition

A type of cyberattack in which attackers pose as a trusted entity in order to deceive victims into disclosing sensitive information, such as passwords or credit card numbers, or into performing an action, such as transferring funds to the attacker's bank account. Phishing attacks most commonly use emails, email attachments, and websites as their attack medium.

Related words

attack vector, business email compromise (BEC), email account compromise (EAC), pretexting, smishing, social engineering, spear phishing, vishing

Example

The cybersecurity team regularly sent phishing simulations to employees in order to teach them how to recognize phishing attacks.

Did you know...

Phishing via email gives attackers easy access to their targets, and it only takes one successful attack to have serious consequences - making it a low-risk, high-reward method of attack.

Read more

Weekly threat feed examples
Phishing or Spam - What is the difference?
Phishing 101 - How Phishing Attacks and Scam Emails Work
Phishing explained
Spear phishing vs regular phishing

Phishing kit

Definition

A phishing kit is a collection of tools, resources, and templates used by cybercriminals to create and launch phishing attacks. Phishing kits often include pre-designed phishing web pages, email templates, and scripts to automate the process.

Related words

phishing template, bulk phishing

Example

Law enforcement agencies discovered a sophisticated phishing kit that was being actively used to target multiple financial institutions.

Did you know...

Phishing kits have become more accessible and easy to obtain, allowing even non-technical individuals to engage in phishing attacks. These kits are typically sold or shared on underground forums and dark web marketplaces. Microsoft's Digital Crimes Unit has noticed an improvement in phishing kit quality over the past year, combined with easier access, with one vendor charging just $6 per day for a phishing kit.

Read more

Phishing kits are the new meth labs

Phishing services are surprisingly cheap

Phishing template

Definition

A phishing template is a pre-designed structure or layout that cybercriminals use to create fraudulent emails, messages, or web pages as part of a phishing attack. Templates exist so that an attack can be reused and scaled easily, although an attack does not have to be built from one. Phishing templates are often sold as part of phishing-as-a-service (PhaaS) offerings.

Related words

phishing kit, bulk phishing

Example

Phishing templates enable cybercriminals to craft persuasive and authentic-looking messages that deceive recipients into engaging with malicious content.

Postal service impersonation

Definition

Postal service impersonation refers to a fraudulent practice where individuals or groups impersonate legitimate postal services or courier companies to deceive recipients into sharing sensitive information. Cybercriminals may use various methods, including counterfeit websites, fake emails, or phone calls, to imitate reputable postal service providers.  

Related words

social engineering, pretexting

Example

The e-commerce package delivery turned out to be a postal service impersonation, where criminals sent fake email notifications that mimicked those of a legitimate courier service to trick the victim and access their personal information.

Screenshot text of the lure: “[External] AWB:258193002 INV and BL, PL DHL Supply Chain. Valued customer, We have just received a parcel at our office from your client. We could not deliver due to an incorrect address. To complete the delivery, scan below QR code with your smartphone camera. Parcel details: Weight: 3.97 Kg Signature required: Yes. DHL delivery times depends on the service you book, but generally, we will deliver Monday - Friday between 8 am and 6.00 pm. DHL International.”
Threat feed 34 | DHL QR code

Did you know...

Postal service impersonation scams have evolved with the rise of e-commerce, where attackers exploit individuals' expectations for package deliveries and online shopping.

Read more

Threat Feed Week 45 – DHL impersonation

Threat Feed Week 18 – PostNord postal service impersonation

Pretexting

Definition

Pretexting is a tactic used to gain an end user's trust by first sending a seemingly harmless message that carries no malicious payload. An example of such a message would be “Please check your spam. I have sent an important document”.

Pretexting can also refer to a social engineering technique in which an attacker fabricates a scenario to deceive the victim, assuming a false identity. Often involving the attacker impersonating a loved one, trusted individual, or authority figure, pretexting attacks aim to manipulate the target into disclosing confidential data or other sensitive information by either building or exploiting rapport.  

Related words

business email compromise (BEC), social engineering, impersonation

Example

Unbeknownst to the recipient, an email purporting to be from a close family member asking for an urgent money transfer eventually turned out to be a meticulously tailored pretexting attack.

Did you know...

Pretexting may be used now more than ever in cyber attacks. According to Verizon's most recent research, the number of business email compromise (BEC) attacks, which rely on pretexting, has nearly doubled.

Protected health information (PHI)

Definition

Health information, also known as Protected Health Information (PHI), refers to any individually identifiable health-related data or records that are created, received, stored, or transmitted by healthcare providers, health plans, or healthcare clearinghouses. PHI includes various types of medical, dental, and mental health information, along with associated identifiers.

Related words

data privacy, electronic health records (EHR), medical records, patient data, personal identifiable information (PII), sensitive data

Example

It is essential for healthcare organizations to maintain strict confidentiality and security measures to protect patients' health information (PHI) from unauthorized access or disclosure.

Did you know...

Healthcare had the highest average data breach cost of any industry for the 12th consecutive year, according to IBM.

Right-to-left override (RTLO) attack

Definition

A right-to-left override (RTLO) attack is a deceptive technique used by malicious actors to manipulate how file names and file extensions are displayed, so that part of the name appears reversed or obscured to the user. By manipulating the visual representation of a file name, attackers obfuscate the true nature of the file and trick users into interacting with it. RTLO attacks exploit the trust users place in file names and extensions to deceive them into opening malicious files.

Related words

Spoofing, flash attack

Example

In a recent RTLO attack, an audio file with the name 'Open_New_Voicemail mth.wav' was discovered to contain a hidden HTML credential harvesting form.

Did you know...

RTLO attacks are executed using a special Unicode character, U+202E (right-to-left override), that is intended to support languages such as Arabic and Hebrew, which are read from right to left.
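The following is an added example, not code from the glossary or from Hoxhunt, showing how a defender can flag an RTLO-style file name before a user sees it. It uses only the standard library; the sample file name is constructed to reproduce the 'Open_New_Voicemail mth.wav' display name quoted in the example above, and the rendering function is a simplification of the Unicode bidirectional algorithm, sufficient to illustrate the trick rather than a full implementation of it.

```python
import unicodedata

# Unicode bidirectional control characters. U+202E (RIGHT-TO-LEFT OVERRIDE) is
# the one used in RTLO attacks; the others are related controls that a file
# name check should flag for the same reason.
BIDI_CONTROLS = frozenset(
    ["\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # embeddings and overrides
     "\u2066", "\u2067", "\u2068", "\u2069"]             # isolates
)

def find_bidi_controls(name: str) -> list:
    """Return (position, Unicode name) for every bidi control in the file name."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]

def strip_controls(name: str) -> str:
    """The name as the file system stores it, minus the invisible controls."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)

def rendered_name(name: str) -> str:
    """Approximate what a viewer shows: text after the first U+202E is drawn
    reversed. This is a simplification of the Unicode bidi algorithm, enough
    to explain the trick, not a full implementation."""
    head, override, tail = name.partition("\u202e")
    if not override:
        return strip_controls(name)
    return strip_controls(head) + strip_controls(tail)[::-1]

def extension(name: str) -> str:
    """Lower-cased text after the last dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def assess(name: str) -> dict:
    """Summarise whether a file name is hiding its real extension."""
    controls = find_bidi_controls(name)
    shown = rendered_name(name)
    actual = extension(strip_controls(name))
    displayed = extension(shown)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "displayed_as": shown,
        "displayed_extension": displayed,
        "actual_extension": actual,
        "extension_mismatch": bool(controls) and displayed != actual,
    }

# Constructed sample (not a real malware sample): the stored name is
# "Open_New_Voicemail " + U+202E + "vaw.htm". A viewer renders the part after
# the override reversed, so the user sees "Open_New_Voicemail mth.wav", the
# name quoted in the glossary example, while the file actually ends in .htm.
SAMPLE = "Open_New_Voicemail \u202evaw.htm"

if __name__ == "__main__":
    for n in (SAMPLE, "quarterly_report.pdf"):
        print(assess(n))
```

A mail gateway or endpoint agent can apply `assess` to attachment names and quarantine anything where `extension_mismatch` is true; the presence of any bidi control in a file name is itself unusual enough to warrant an alert.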

Read more

Right to left override attacks are relics no more

Secure email gateways

Definition

Secure email gateways are specialized email filtering and security solutions that protect organizations from various email-based threats, such as phishing attempts, malware distribution, and spam. These gateways act as a barrier between the internal email infrastructure and external sources, analyzing incoming and outgoing email traffic, and applying security measures such as spam filtering, content inspection, and attachment scanning to ensure the safety and integrity of email communications.

Related words

email security, cybersecurity, email filtering, spam protection, threat detection

Example

Implementing secure email gateways is crucial for organizations to prevent malicious emails from reaching employees' inboxes and ensuring that sensitive information remains protected.

Security breach

Definition

An incident or event where unauthorized individuals or entities gain access to or compromise sensitive data, systems, networks, or facilities, potentially resulting in the loss, theft, or misuse of sensitive information.

Related words

Data breach, cybersecurity incident, intrusion, unauthorized access, email account compromise (EAC), business email compromise (BEC), vulnerability, exploit

Example

The company experienced a major security breach, leading to the exposure of sensitive customer data.

Did you know...

According to IBM, phishing-related breaches take the third-longest amount of time to find and contain, taking 295 days on average.

Sensitive information

Definition

Information that, if accessed, disclosed, or misused, could potentially cause harm, damage, or negative consequences to individuals, organizations, or entities. It includes various types of data considered confidential or requiring special protection due to its potential impact or value.

Related words

personal identifiable information (PII), protected health information (PHI), trade secrets, financial records, employment records, customer lists, classified data, proprietary information, sensitive data

Example

The company implemented strict security measures to safeguard sensitive information such as customer data, trade secrets, and financial records from unauthorized access or disclosure.

Did you know...

Sensitive information is highly valuable to cybercriminals, as it can be used for various purposes, including insurance fraud, identity theft, and blackmail.

Read more

How hackers prey on your insecurity

Service impersonation

Definition

Service impersonation refers to a deceptive practice where malicious actors mimic legitimate services, such as banks, social media platforms, or online marketplaces, to trick individuals into revealing sensitive information or performing harmful actions.

Related words

social engineering, identity theft

Example

Users should carefully verify the website's address before entering any personal information, even while using trusted services, to prevent being a victim of a service impersonation attack.

[Screenshot of a crypto prize phishing email: "OFFICIAL AVAX AIRDROP", "Congratulations! You're a Winner", with a "Claim" button and an esputnik footer; the remaining text is not legible]
Threat Feed 48 | Polygon crypto prize

Did you know...

Service impersonation can also involve attackers creating counterfeit mobile applications that mimic legitimate services to trick users into providing sensitive information.

Read more

Uh oh! Do you owe? When invoices strike back
Threat Feed Week 49 – eBay Order Confirmation and Payment Receipt

Smishing

Definition

A type of cyberattack that uses text messages (SMS) to deceive victims into revealing sensitive information or downloading malicious content onto their mobile devices. Smishing is also a tool for social engineers and can be used in any type of attack; the malicious actor may have a long-term goal that does not end with the victim downloading malicious content on their device.

Related words

attack vector, mobile security, phishing, social engineering, spear phishing, vishing

Example

Jane received a suspicious text message asking her to click on a link and provide her banking details, but she recognized it as a smishing attempt and deleted the message immediately.

[Screenshot of a smishing text message, shown in Finnish with an English translation] Sunday, 20.58 (text message/MMS): "Due to unusual activity, access to MobilePay is locked, log in here: https://mobilepay.[redacted]-deactivated.net"
Threat Feed 39 | MobilePay

Did you know...

Smishing can prove effective for cybercriminals, as studies have shown that SMS messages have a significantly higher open rate than email. Text message scams are also on the rise: consumers in the US reported losing $330 million to text message scams in 2022, more than double the figure recorded in 2021, according to data from the Federal Trade Commission.

Read more

10 Phishing Training Lessons For Your Employees | Smishing

Spam

Definition

Spam refers to unsolicited and unwanted emails, typically sent in bulk. These messages often aim to promote products or services and can clog communication channels.

Related words

DMARC, DKIM, email authentication, email security, email spoofing, spam filtering, SPF

Example

The implementation of spam filters can significantly reduce the impact of spam messages and enhance the overall security and productivity of email communication.

Did you know...

According to studies, spam accounts for roughly half of all emails sent globally—some estimates even put the number as high as over 80%.

Spam filtering

Definition

Spam filtering is the process of automatically detecting and removing unwanted or unsolicited email messages, sometimes known as spam, from incoming email traffic. The likelihood of a message being spam is determined by examining its email content, headers, sender reputation, and other elements using algorithms, rules, and heuristics.

Related words

DMARC, DKIM, email authentication, email security, email spoofing, spam, SPF

Example

By lowering the volume of unsolicited emails, effective spam filtering plays an important role in ensuring a clean and secure email environment.

Spear phishing

Definition

Spear phishing is a targeted form of phishing in which attackers go after specific individuals and tailor their messages in an effort to trick victims into disclosing sensitive information or performing harmful actions. Spear phishing emails may contain specific and granular details, such as dates of company events or the names of coworkers relevant to the victim.

Related words

attack vector, business email compromise (BEC), email account compromise (EAC), phishing, social engineering, pretexting, vishing, smishing

Example

When the CEO clicked on a link in an email that appeared to be from a colleague, they became the victim of a spear phishing attack.

Read more

What is a Spear-Phishing attack and How Do You Recognize It?

What is the difference between spear-phishing and regular phishing?

Sender policy framework (SPF)

Definition

SPF is an email authentication technique that helps prevent email spoofing by specifying which servers are authorized to send email on behalf of a particular domain. SPF records are DNS (Domain Name System) records that list the authorized mail servers for a domain, allowing the recipient's server to look up the record and verify whether the email originates from an authorized source. This is not a guarantee of legitimacy: mail sent from a compromised email account in the domain, for example, still passes the SPF check.

Related words

DMARC, DKIM, email authentication, email security, email spoofing, spam filtering

Example

Implementing SPF records in the DNS settings of a domain enables organizations to protect against email spoofing and unauthorized use of their domain name, as recipient servers can verify the sending server's legitimacy and reduce the risk of fraudulent or malicious emails reaching the recipient's inbox.
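To make the SPF check concrete, the following added example (not code from the glossary or from Hoxhunt) evaluates a connecting IP address against an SPF record the way a receiving server does. It runs offline: the TXT records are constructed and use reserved documentation domains and addresses, standing in for a live DNS lookup, and only the ip4, ip6, include and all mechanisms are implemented.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (offline example; these are
# reserved documentation domains and addresses, not real infrastructure).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

# SPF qualifiers map to the result the receiving server records.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip: str, domain: str, txt: dict = DNS_TXT, depth: int = 0) -> str:
    """Evaluate the SPF record of `domain` against the connecting IP.

    Supports the ip4, ip6, include and all mechanisms. Anything that would
    need a further DNS lookup (a, mx, exists, redirect) yields 'permerror'
    here because this example runs without a resolver.
    """
    if depth > 10:                      # RFC 7208 limits DNS-querying terms; cap nesting here
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # no SPF record published for the domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            # `in` is False across address families, so a v4 sender never
            # matches an ip6 term and vice versa.
            if ip in ipaddress.ip_network(argument, strict=False):
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            # include matches only when the referenced record evaluates to "pass".
            if check_spf(sender_ip, argument, txt, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"
    return "neutral"                    # record ended without an "all" term

if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "2001:db8::1", "203.0.113.9"):
        print(ip, "->", check_spf(ip, "example.com"))
```

Note what "pass" does and does not mean: it says only that the connecting server is authorized to send for the domain. A message sent through that same authorized server from a compromised mailbox passes exactly like a legitimate one, which is the limitation the definition points out; SPF is one input to a DMARC policy and a gateway's other checks, not a verdict on the message itself.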

Social engineering

Definition

The manipulation of individuals, often through psychological and deceptive tactics, to gain unauthorized access to information, systems, or physical spaces. Usually employed by malicious actors to exploit human psychology and behavior, rather than directly attacking technical vulnerabilities.

Related words

phishing, smishing, vishing, pretexting, impersonation, tailgating

Example

The social engineering attack involved the attacker posing as a technical support representative and convincing the employee to share their login credentials.

Did you know...

Social engineering exploits the inherent trust and human vulnerabilities, such as the desire to help others or the fear of consequences, rather than relying solely on technical vulnerabilities.

Read more

Social Engineering – What Is It and How to Prepare For It?

Spoofing

Definition

Spoofing is a deceptive technique used in cyberattacks where malicious actors manipulate certain aspects of communication to deceive individuals or systems. In this type of attack, perpetrators falsify information to appear as someone or something else. Spoofing can occur in various forms, such as email spoofing, IP address spoofing, or caller ID spoofing, and is commonly employed in phishing attacks, identity theft, and other fraudulent activities.

Related words

email spoofing, caller ID spoofing, flash attack, social engineering, impersonation

Example

It is essential for individuals and organizations to be cautious of spoofing attempts and employ security measures like email authentication and verification protocols to detect and mitigate spoofed communications.

[Screenshot of a spoofed Proofpoint secure message notification] Subject: "RE: (SECURE) New Title Purchase Request". Body: "Please confirm receipt of title request. From [SENDER FULL NAME]@[SENDER COMPANY].com [SENDER COMPANY LOGO] This is a secure message. Click here by 2023-09-27 13:45 PDT to read your message." Attachment: SecureMessageAtt.html
Threat Feed 39 | Proofpoint secure message

Did you know...

Spoofing techniques often exploit vulnerabilities in communication protocols or rely on technological tools to convincingly mimic legitimate entities or sources.

Read more

10 Phishing Training Lessons For Your Employees | Domain Spoofing
Phishing 101: How Phishing Attacks and Scam Emails Work | Phishing vs Spoofing

Supply chain attack

Definition

A supply chain attack is a type of cyber attack where threat actors target the software, hardware, or services provided by third-party vendors or suppliers to gain unauthorized access, introduce malware, or compromise the integrity of the supply chain.

Related words

pretexting, security breach, social engineering, vendor impersonation

Example

The recent supply chain attack exploited a vulnerability in a widely-used software update distributed by a trusted vendor, allowing the attackers to infiltrate numerous organizations.

Did you know...

Supply chain attacks have gained prominence in recent years because of their potential for widespread impact and the difficulty of detecting them. By 2025, 45% of organizations worldwide are expected to have experienced attacks on their software supply chains, according to Gartner.

Threat indicators

Definition

Threat indicators, also known as indicators of compromise (IOCs), are specific pieces of information or evidence that suggest the presence of malicious activity or potential cybersecurity threats. These indicators can include suspicious network traffic patterns, anomalous system behavior, malicious file hashes, IP addresses associated with known threat actors, or patterns of unauthorized access attempts. Threat indicators play a crucial role in cybersecurity defense by enabling security professionals to detect, analyze, and respond to potential threats in a timely manner.

Related words

indicators of compromise (IOCs), threat detection, security alerts

Example

The security operations center monitored various threat indicators, such as suspicious IP addresses and unusual file behavior, to proactively identify potential threats and initiate incident response measures.
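As an added example of the monitoring described above (not code from the glossary or from Hoxhunt), the block below runs a small indicator set over a few log lines and reports where an indicator appears. Both the indicators and the log lines are constructed for this example: the addresses and domains are reserved documentation values, and the SHA-256 value is the hash of the empty string, standing in for a known malicious file hash.

```python
import re
from hashlib import sha256

# Constructed indicator set. Documentation addresses and example domains;
# the hash is SHA-256 of the empty string, used as a stand-in for a real IOC.
IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"login-verify.example"},
    "sha256": {sha256(b"").hexdigest()},
}

# Constructed log lines in a generic key=value format (proxy and EDR events).
SAMPLE_LOGS = [
    "2024-01-10T09:12:01Z proxy src=10.0.0.12 dst=203.0.113.45 host=login-verify.example action=allow",
    "2024-01-10T09:12:05Z edr host=WS-042 file=invoice.html sha256=" + sha256(b"").hexdigest(),
    "2024-01-10T09:13:00Z proxy src=10.0.0.13 dst=198.51.100.7 host=updates.example.org action=allow",
]

# One extractor per indicator type: what to pull out of a line before lookup.
EXTRACTORS = [
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\bhost=([A-Za-z0-9.-]+)")),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b")),
]

def match_iocs(lines, iocs=IOCS):
    """Return one hit per (line number, indicator type, value) found in `lines`.

    Every candidate value is extracted first and then looked up in the
    indicator set, so the cost is one regex pass per line plus set lookups,
    independent of how many indicators are loaded.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        for kind, pattern in EXTRACTORS:
            for value in pattern.findall(line):
                value = value.lower()
                if value in iocs[kind]:
                    hits.append({"line": number, "type": kind, "value": value})
    return hits

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['type']} indicator {hit['value']}")
```

In practice the indicator set is loaded from a threat intelligence feed and the hits are forwarded to the SOC's alerting pipeline; the matching logic itself stays this simple, which is why keeping indicators current matters more than the matcher.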

Vendor impersonation

Definition

Vendor impersonation refers to a deceptive practice where malicious actors impersonate legitimate vendors or suppliers to trick individuals or organizations, exploiting the trust established between businesses and their vendors.

Related words

authority impersonation, business email compromise (BEC), caller ID spoofing, coworker impersonation, CXO fraud, email account compromise (EAC), email spoofing, impersonation, phishing, pretexting, smishing, social engineering, supply chain attack, vishing

Example

Organizations should be aware of the risks of vendor impersonation and take precautions by having the ability to verify the identity of vendors through alternative channels of contact.

Did you know...

Cybercriminals may create fake vendor websites or use compromised vendor email accounts to make their impersonation more convincing and increase the chances of success.

Vishing

Definition

A type of cyberattack that involves using voice calls to deceive victims into revealing sensitive information or performing certain actions that can compromise their security. Attackers often employ social engineering techniques to manipulate victims into believing they are speaking with a trusted source.

Related words

attack vector, business email compromise (BEC), email account compromise (EAC), phishing, pretexting, smishing, social engineering, spear phishing

Example

A malicious actor posed as a bank representative in a vishing attack, tricking the victim into revealing their account credentials over the phone.

[Screenshot of a fake QuickBooks renewal receipt used as a vishing lure] "Heartfelt Thanks for Your Trust — Let's Make it Extraordinary!" November 29, 2023. QuickBooks Account: [RECIPIENT EMAIL]. "Dear Customer, Your annual subscription for Business Essential Plan has been successfully renewed and updated. Automatically renews at $469.99/year. The charged amount will be reflected within 24 hours to 48 hours on your account statement. If you didn't authorize this transaction call us now at +1 [MALICIOUS PHONE NUMBER]." Customer ID: VN912DG946351. Payment Mode: Auto-debit. Product: Business Essential Plan. Status: Active. Valid Duration: 11/29/2023 to 11/28/2024. Tenure: One Year. Subtotal: $459.99. Tax: $10.00. Total Amount: $469.99. "You have 30 days from the transaction to open a dispute in the resolution center at +1 [MALICIOUS PHONE NUMBER]. Please do not reply to this email because we are not monitoring this inbox."
Threat Feed 49 | QuickBooks

Did you know...

Vishing calls may be from a live person trying to con you, or they may be completely automated. Some even combine the two; you'll first get a call from an automated system before a real person picks up to finish the call.

Read more

5 tips to stay vishing-proof

Buggy phishing attack accidentally reveals how cyber criminals personalize messages to elude detection by filters

Phishing 101: How Phishing Attacks and Scam Emails Work | Phishing and Vishing

Zero trust

Definition

Zero trust refers to a cybersecurity paradigm that fundamentally questions the notion of implicit trust within networks, operating under the assumption that no user, device, or network component should be automatically trusted, regardless of their location or identity. Zero trust policies involve continuous user authentication and strict access controls, allowing access to resources only on a need-to-know basis.

Related words

attack surface, network security, user authentication

Example

Employing a zero trust strategy allows organizations to establish granular access controls and monitor the trustworthiness of users, devices, and software.

Did you know...

Despite its increasing popularity, Gartner estimates that only 10% of large businesses will have a mature and measurable zero-trust strategy implemented by 2026.

Read more

Top 10 cybersecurity takeaways and trends in 2022 | The rise of Zero Trust
