Glossary

Pig Butchering Scam
A long-term fraud scheme combining romance or relationship scams with fake investment opportunities, where attackers cultivate trust with victims over weeks or months before convincing them to invest in fraudulent cryptocurrency or trading platforms.
MFA Fatigue
A social engineering attack that bombards users with repeated multi-factor authentication push notifications until they approve one out of frustration, confusion, or to stop the notifications—granting attackers access to protected accounts.
Infostealer
A category of malware specifically designed to harvest sensitive information from infected devices, including saved passwords, browser cookies, session tokens, cryptocurrency wallets, and other credentials that enable account takeover and fraud.
Formjacking
A cyber attack where malicious code is injected into e-commerce website payment forms to secretly capture and steal customer payment card data as it's entered during checkout.
Fake Shop
Fraudulent e-commerce websites designed to steal payment information, take money without delivering products, or ship counterfeit goods while impersonating legitimate retailers or creating convincing standalone storefronts.
Combosquatting
A domain squatting technique where attackers register domains that combine a legitimate brand name with additional words, creating deceptive URLs that appear related to the target organization.
Callback Phishing
A phishing technique where attackers send emails or messages containing phone numbers instead of malicious links, directing victims to call and speak with scammers who then manipulate them into installing malware, providing credentials, or making payments.
Brand Monitoring
The continuous process of tracking and analyzing how a brand is represented, mentioned, or misused across digital channels including websites, social media, app stores, marketplaces, and the dark web.
Authorized Push Payment (APP) Fraud
A type of financial fraud where victims are manipulated through social engineering into voluntarily authorizing payments to accounts controlled by criminals, making recovery difficult because the victim initiated the transaction.
Phishing Infrastructure
The complete technical ecosystem attackers use to conduct phishing campaigns, including domains, hosting servers, email systems, redirect chains, credential capture mechanisms, and supporting services.
Domain Reputation
A scoring system used by security tools, email providers, and browsers to assess the trustworthiness of a domain based on its history, behavior patterns, age, and associations with malicious activity.
Malvertising
The use of online advertising platforms to distribute malware, steal credentials, or impersonate brands by purchasing search ads, display ads, or sponsored content that directs users to malicious destinations.
Takedown
The process of removing malicious online content, disabling fraudulent infrastructure, or terminating unauthorized accounts to stop active attacks and prevent victim harm.
Threat Actor
An individual or group that carries out malicious cyber activities, including nation-states, criminal organizations, hacktivists, insiders, or individual hackers.
Threat Intelligence
Information about current or emerging threats, threat actors, attack techniques, and indicators of compromise that enables organizations to understand risks and inform security decisions.
Typosquatting
Registering domain names that are common misspellings of legitimate brand domains to capture traffic from users who make typing errors and exploit this for fraud, advertising revenue, or other malicious purposes.
Vendor Email Compromise (VEC)
A form of business email compromise where attackers compromise legitimate vendor or supplier email accounts to send fraudulent invoices, redirect payments, or steal information from the vendor's customers.
Vishing
Voice phishing attacks conducted via phone calls where attackers impersonate legitimate organizations or individuals to manipulate victims into revealing sensitive information or performing harmful actions.
Whaling
Highly targeted phishing attacks directed at senior executives, board members, or other high-value individuals with significant authority, access, or information within organizations.
Zero Trust
A security model based on the principle of maintaining strict access controls and not trusting anyone by default, whether inside or outside the network perimeter, requiring continuous verification.
SPF (Sender Policy Framework)
An email authentication standard that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain, helping prevent email spoofing.
Spear Phishing
Highly targeted phishing attacks directed at specific individuals or organizations, using personalized information and context to increase credibility and success rates compared to mass phishing campaigns.
Social Media Impersonation
The creation of fake profiles, pages, or accounts on social media platforms that falsely represent individuals, brands, or organizations to deceive followers and enable fraud or reputational harm.
Social Engineering
Psychological manipulation techniques used to deceive people into divulging confidential information, granting access, or performing actions that compromise security.
Smishing
Phishing attacks conducted through SMS text messages that trick recipients into clicking malicious links, calling fraudulent numbers, or revealing sensitive information via text response.
Session Token Theft
The unauthorized capture of session cookies or tokens that maintain authenticated sessions, allowing attackers to hijack active user sessions without needing passwords or bypassing multi-factor authentication.
SEO Poisoning
A cyberattack technique where threat actors manipulate search engine rankings to position malicious websites prominently in search results, luring victims who trust organic search listings.
Ransomware
Malicious software that encrypts files or locks systems and demands payment (typically cryptocurrency) from victims in exchange for decryption keys or restored access.
Quishing
A phishing attack technique that uses malicious QR codes to redirect victims to phishing sites, credential harvesting pages, or malware downloads, exploiting the trust and convenience of QR code scanning.
Phishing-as-a-Service (PhaaS)
A cybercrime business model where criminals offer complete phishing campaign services to other attackers, providing infrastructure, templates, sending capabilities, and sometimes victim targeting on a subscription or revenue-share basis.
Phishing Kit
Pre-packaged software tools containing templates, scripts, and resources that enable cybercriminals to quickly deploy phishing campaigns without extensive technical knowledge.
Phishing
Fraudulent attempts to obtain sensitive information or manipulate victims into harmful actions by impersonating trustworthy entities through email, websites, messages, or other communication channels.
Open Source Intelligence (OSINT)
Intelligence gathering from publicly available sources including websites, social media, public records, news media, and other accessible information to understand threats, targets, or situations.
Multi-Factor Authentication (MFA)
A security mechanism requiring users to provide two or more verification factors to gain access to accounts or systems, substantially reducing risk from compromised passwords.
Mean Time to Takedown (MTTD)
A key performance metric measuring the average elapsed time between when a malicious asset (phishing site, fake social profile, fraudulent domain) is detected and when it is successfully removed from the internet.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, trojans, ransomware, spyware, and other harmful programs.
Lookalike Domains
Domain names intentionally registered to closely resemble legitimate brand domains through minor spelling variations, additional words, or different top-level domains to deceive users and enable impersonation attacks.
Keylogger
Malicious software or hardware that secretly records keystrokes on a computer or mobile device to capture passwords, credit card numbers, messages, and other sensitive information typed by users.
Impersonation-as-a-Service
Underground cybercrime services where attackers offer to create and operate impersonation campaigns targeting specific brands, executives, or organizations on behalf of paying clients.
Homograph Attack
A method of deceiving users by registering domain names that use characters from different alphabets or scripts that appear visually identical to legitimate domain names, enabling effective spoofing and phishing.
Fake Website
Fraudulent websites designed to impersonate legitimate businesses, services, or brands to deceive visitors for purposes of theft, fraud, malware distribution, or data collection.
Executive Protection
Comprehensive security measures designed to protect senior executives and high-profile individuals from physical threats, cyber attacks, privacy violations, and reputational harm.
Email Spoofing
The creation of email messages with a forged sender address to make the email appear as though it originates from someone or somewhere other than the actual source.
Domain Spoofing
The practice of creating emails, websites, or other digital assets that fraudulently appear to originate from a legitimate domain to deceive recipients and bypass security controls.
DKIM (DomainKeys Identified Mail)
An email authentication method that allows receiving mail servers to verify that email claiming to come from a specific domain was actually authorized by that domain's owner and wasn't altered in transit.
Disinformation Security
An emerging cybersecurity category focused on protecting organizations from synthetic media, brand impersonation, deepfakes, and coordinated deception campaigns that exploit trust rather than technical vulnerabilities.
Digital Risk Protection (DRP)
A comprehensive cybersecurity approach focused on identifying, monitoring, and mitigating threats that originate outside traditional network perimeters across digital channels and the extended attack surface.
Dark Web
A portion of the internet that requires specific software, configurations, or authorization to access, where users and website operators maintain anonymity and activities remain largely untraceable.
Decoy Credentials
Fake but realistic-looking usernames, passwords, and other authentication data intentionally planted on phishing sites to pollute attacker databases, waste criminal resources, and generate threat intelligence.
Data Breach
A security incident in which sensitive, protected, or confidential information is accessed, stolen, or disclosed by unauthorized individuals, whether through cyber attack, insider threat, or accidental exposure.
Cybersquatting
The practice of registering, trafficking, or using domain names with bad faith intent to profit from trademarks or brand names owned by others.
Credential Harvesting
The process by which attackers collect usernames, passwords, and other authentication information through phishing sites, malware, or social engineering techniques.
CEO Fraud
A specific type of Business Email Compromise where attackers impersonate a company's CEO or senior executive to manipulate employees into making unauthorized wire transfers or divulging confidential information.
Blocklisting
The process of adding malicious URLs, domains, or IP addresses to security databases that warn or prevent users from accessing known threats across browsers, networks, and security tools.
Business Email Compromise (BEC)
A sophisticated phishing attack where criminals impersonate executives, vendors, or business partners to manipulate employees into transferring money or sensitive information.
Brand Impersonation
The unauthorized use of a company's name, logo, visual identity, or reputation to deceive customers, partners, or employees for malicious purposes.
Attack Surface
The sum total of all possible entry points where unauthorized users could attempt to access or extract data from an organization's digital environment.
Adversary-in-the-Middle (AitM)
An advanced phishing technique where attackers intercept communications between a user and legitimate service, capturing credentials and session tokens even when multi-factor authentication is enabled.
Executive Impersonation
A targeted attack where criminals impersonate senior executives or high-ranking officials to manipulate employees, partners, or systems into unauthorized actions or information disclosure.
Deepfake
Synthetic media created using artificial intelligence to manipulate or generate convincing but fake visual and audio content, including videos and voice recordings of real people.
Credential Stuffing
An automated attack technique where criminals test large volumes of stolen username and password combinations across multiple services to find accounts where users reused credentials.
Account Takeover (ATO)
A cyber attack where unauthorized individuals gain access to legitimate user accounts through stolen credentials, phishing, or social engineering techniques.
