Cybersecurity Glossary

Learn about the latest cybersecurity attacks, threat actors, best practices, regulations, and beyond.
Get a Demo

Abuse Mailbox

An Abuse Mailbox is the destination of user-reported suspicious emails sent to IT and security teams for further evaluation. It's a crucial part of tracking and stopping potential email threats.
Read More

Account Takeover Fraud

Account takeovers happen when cybercriminals steal login credentials to access an email account. If a malicious actor successfully compromises an account, they can use it to commit fraud, send phishing emails, steal data, and beyond.
Read More


AI TRiSM is an acronym coined by Gartner that refers to a framework for how organizations should identify and mitigate risks surrounding reliability, security, and trust within AI models and applications. AI TRiSM stands for trust, risk, security management.
Read More

AI-Enabled Cyberattacks

An AI-powered cyberattack, also known as an AI-enabled or offensive AI attack, leverages AI/ML algorithms to carry out malicious activities. These attacks use AI to automate and enhance the capabilities of traditional cyberattacks, making them more sophisticated, targeted, and challenging to detect.
Read More

Bad Rabbit Ransomware

Bad Rabbit is a notable ransomware attack from 2017 where a file was maliciously installed through a bogus Adobe Flash installer. It encrypted user data and requested a Bitcoin ransom payment, with a similar code structure to the Petya attack. Bad Rabbit originated in Russia and Ukraine, and was spotted in several other countries.


A botnet (bot network) is a chain of Internet-connected devices centrally controlled by a hacker. Botnets are usually created by hijacking unsuspecting computers with malware, and they’re often used to send spam or DDoS attacks.

Brute Force Attack

A brute force attack refers to a trial-and-error attempt to steal passwords, login credentials, and encryption keys. Brute force attacks are conducted manually or, more often, with the help of a computer. There are several effective defenses against these attacks–increasing password length, requiring CAPTCHA answers, or limited password attempts.
Read More

Business Email Compromise (BEC)

BEC is currently the most expensive type of cybercrime. These socially engineered attacks evade traditional email security systems. Learn how and why BEC works, and how to stop it.
Read More

CEO Fraud

CEO fraud is a type of BEC where criminals impersonate a CEO in an attempt to trick employees into paying invoices, sharing sensitive information, or otherwise compromising a company’s cybersecurity infrastructure. CEO fraud is also known as executive impersonation.
Read More

Clone Phishing

Clone phishing occurs when attackers create a convincing clone of a legitimate email. They compromise or impersonate the original sender and use the copycat email to dupe victims into entering login credentials, paying an invoice, downloading malware, or sharing sensitive data. These emails are often identical to a previous email the victim has received, except a malicious attachment or link is included.
Read More

Cloud Access Security Broker (CASB)

A cloud access security broker (CASB) is a security policy that sits between cloud service providers and users. A wide ranging CASB can authenticate users, help monitor and stop suspicious activity, prevent malware, and more.
Read More

Cloud Email

Cloud-based email is an email delivery and storage method hosted and maintained by an outside provider. It allows organizations and users to securely send, receive, and store emails. This is unlike on-premise email hosting which is physically housed and maintained internally within an organization's servers and IT environment.
Read More

Cloud Security Posture Management (CSPM)

Cloud Security Posture Management (CSPM) is a set of tools and processes designed to keep cloud-based environments secure by identifying misconfigurations and enforcing security policies.
Read More

Compliance Monitoring

In cybersecurity, compliance monitoring refers to evaluating security processes for adherence to legal and internal regulations. Certain industries and regions have specific cybersecurity standards. Compliance monitoring helps organizations ensure they operate legally, protect their data, and avoid potential fines.

Computer Virus

A computer virus is a program, software, or piece of code designed to negatively affect the device or network it infects. They’re spread by malware, phishing scams, social engineering, or virtually any cyberattack method.

Consent Phishing

Consent phishing is a specialized type of phishing targeting user permissions for third-party applications. Third-party apps frequently ask permission to access certain features to run properly. But attackers can use fraudulent app permission requests to gain access to a person's account.
Read More

Credential Stuffing

Credential stuffing uses stolen login credentials and across multiple websites, using bots for mass log-in attempts.
Read More


Cryptojacking is the use of a device to mine cryptocurrency, without the device owner’s knowledge or permission. It’s usually done by installing malware on an unsuspecting victim’s device, like a computer, phone, or tablet. Mining cryptocurrency requires substantial resources, which makes cryptojacking useful for criminals.


A cyberattack is a wide-ranging term for a malicious attempt to breach networks, systems, or computer infrastructure of an individual or organization. Cyberattacks can take a variety of forms and can come from single actors or organized groups.


Cybersecurity is a catch-all term for the practice of securing systems, networks, and technologies from attacks and unauthorized access. A strong cybersecurity policy is vital to every modern organization.

Data Archive

A data archive is the removal and safe storage of data that remains important or sensitive but is no longer regularly used. It’s an important practice for organizations with data compliance or forensics requirements.
Read More

Data Breach

A data breach occurs when confidential and sensitive information is stolen by an unauthorized group or individual. Data breaches are one of the end goals of many cyberattacks.
Read More

Data Leak

A data leak is the unintentional exposure of sensitive data. Data leaks, unlike data breaches, are not the result of malicious activity–rather, data leaks typically stem from bad or outdated data security policies.
Read More

Data Loss Prevention (DLP)

Data loss prevention refers to a set of software and processes that work to prevent breaches and unauthorized access of sensitive data. DLP is a critical component in protecting and securing data.
Read More

Denial-of-Service (DoS) Attack

A DoS attack is a common cyberattack where a server, machine, or network is maliciously rendered unusable by a service crash or a flood of requests. DoS attacks prevent legitimate users from accessing the service, usually by overloading it with bogus traffic. These attacks can quickly crash a website.

Distributed Denial-of-Service (DDoS) Attack

A DDoS attack is a cyberattack where a server, system, or network is overloaded with traffic and rendered nonfunctional. A DDoS attack is different from a regular DoS attack in that it is committed by multiple IP addresses or machines, rather than just one.

DKIM (DomainKeys Identified Mail)

DKIM is a standard email authentication protocol that helps ensure sender addresses aren’t forged and emails aren’t altered in transit. DKIM affixes a digital signature linked to a domain name, so recipients can verify that the sender address is authorized by said domain.
Read More


DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a standard email authentication protocol. It helps mail administrators and domain owners prevent email spoofing from cyberattackers. Servers can look up the DMARC policy of an incoming email to validate that its DKIM signature is valid, the headers align with the proper domain, and the address matches the domain.
Read More

DNS (Domain Name Server) Spoofing and Poisoning

A DNS spoof, also called DNS cache poisoning, is a cyberattack where criminals redirect traffic from a legit site to a malicious copycat. They alter DNS records by hijacking a DNS server, or intercepting communications between a server and user, and eventually returning an incorrect IP address. The malicious site may install viruses or prompt users to enter login credentials.
Read More

Email Archiving

Email archiving is the process of securely storing emails, making it easy to search for and retrieve them. It helps store old emails that you don’t need immediate access to, but don’t want to delete. Beyond the convenience of quickly finding emails and preserving server speeds, email archiving is vital for security and compliance purposes.
Read More

Email Filters

Email filtering is the act of processing emails—incoming and sometimes outgoing—to classify and categorize them. This is usually done by an SMTP server. Email filtering is often used to detect spam, viruses, and malware before it reaches a user.
Read More

Email Protection

Email protection is a combination of software and processes designed to defend an organization’s inboxes from email-based cyberattacks. This ranges from email security software that scans and detects malicious content and intent in messages to security awareness training for end users.
Read More

Email Quarantine

Email Quarantine is a dedicated storage area that isolates harmful messages detected by security solutions from reaching your end-users inboxes.
Read More

Email Scams

Email scams are cyberattacks sent over email that use social engineering tactics to trick people into sharing private data or installing malicious software.
Read More

Email Security

Email security is a set of processes and technologies to protect email accounts, users, and organizations from unauthorized and malicious messages.
Read More

Email Spoofing

Email spoofing is a method to send emails with a forged sender address, often used to deliver spam and phishing attacks. A strong email security framework can detect and prevent it.
Read More


Encryption is the process of disguising data so it’s impossible to decipher without authorization. Encryption often involves changing information from plaintext to ciphertext. It’s a vital practice for strong data privacy and security.
Read More


A firewall is a type of network security that filters incoming and outgoing traffic. It acts as a barrier between a trusted, internal network and an unknown, external network–like the Internet.

GDPR (General Data Protection Regulation)

GDPR is a data privacy law in the European Union that regulates the collection and processing of personal data. Businesses that operate in the EU need a strong cybersecurity framework to comply with the GDPR to avoid substantial penalties.


Graymail is a promotional email from a legitimate sender that varies in value to different users. Different from spam, the variance in content and in relevance to users makes it more challenging to filter with rules or policies. It may be a bulk email that a recipient has subscribed to in the past, like a newsletter, or a cold call from a vendor.
Read More

HIPAA Compliance

In cybersecurity and IT, HIPAA (Health Insurance Portability and Accountability Act) compliance is a set of stringent regulations regarding privacy and security of protected health information (PHI). Not adhering to HIPAA compliance can lead to substantial fines.

Impersonation Attacks

An impersonation attack is a type of cybercrime where a criminal poses as a known person or organization to steal confidential data or money. Attackers use social engineering tactics to assume an identity–either by compromising an account or creating a lookalike–and ask unsuspecting victims to complete routine tasks like paying an invoice, sharing a file, or clicking a link.
Read More

Indicators of Compromise (IOCs)

Indicators of Compromise (IOC) are forensic clues and evidence of a potential breach within an organization's network or system. IOCs give security teams essential context in discovering and remediating a cyberattack.
Read More

Insider Threat

An insider threat is a person within an organization who poses a cyber security risk. This person uses their credentials and trusted status to compromise a network or leak data to unauthorized people outside the organization, intentionally or accidentally.
Read More

Integrated Cloud Email Security (ICES)

Integrated cloud email security (ICES) is a cloud-based email security solution that supplements the native security capabilities of a cloud email provider like Microsoft or Google. ICES is a relatively new term coined by Gartner to describe the evolving offerings in the email security market.
Read More

IP Reputation

IP reputation measures the behavioral quality of an IP address and how many unwanted requests it sends. If an IP address sends authentic, spam-free emails, it gets a positive IP reputation score. On the other hand, if associated with bulk spam, malware, dangerous domains, or suspicious locations, an IP address will have a poor IP reputation.
Read More


Malware is a type of malicious software (hence the name) designed to disrupt a victim’s computer, server, or network. It’s a catch-all term for software like viruses, trojan horses, ransomware, spyware, worms, and more.

Man in the Middle Attacks

A man-in-the-middle (MITM) attack happens when a cybercriminal positions themselves between two parties to intercept and eavesdrop on private communications. They can then trick users into revealing sensitive data like passwords or banking credentials.
Read More

MFA Bypass

A multi-factor authentication (MFA) bypass is a broad term referring to an attack method where a cybercriminal navigates around MFA requirements to gain unauthorized access to an account.
Read More

MFA Fatigue Attacks

Multi-factor authentication (MFA) fatigue attack is a social engineering tactic where attackers send numerous calls or push notifications to a person's authenticator app or phone, hoping the person will eventually accept one. The attackers then gain access to the account. In some cases, the attacker may pose as a trusted figure like a coworker in IT.
Read More

MX Record

An MX record, or mail exchange record, is a DNS record that routes emails to specified mail servers. MX records essentially point to the IP addresses of a mail server’s domain. MX records can specify and prioritize multiple email servers, which is necessary for load balancing and avoiding outages. And they're an important part of troubleshooting mail delivery problems for any organization.
Read More

Packet Loss

Packet loss is a data transmission error when pieces of data (packets, in this case) don’t make it to their intended destination. Packet loss is usually caused by network congestion, software bugs, cyberattacks, or hardware issues.


Pharming refers to a cyberattack where a user is redirected to a fake version of a legitimate website. This is usually done by infecting a user’s computer with malware or corrupting a website’s DNS server.
Read More


Phishing is a social engineering attack where criminals send fraudulent messages—usually by email—purporting to be a legitimate business, organization, or person. The goal: trick a user into sharing sensitive data like login credentials or deploying malware.
Read More

Proxy Server

A proxy server acts as an intermediary or gateway between a user and the Internet. It’s the middleman between an end user and a network resource and it can provide an added layer of security.

QR Code Phishing Attacks

QR phishing, or quishing, is a type of phishing attack where an attacker tries to trick a victim into interacting with a QR code image. The QR code usually redirects users to a page where they are prompted to enter login credentials. Unfortunately, these pages are malicious copies, and attempting to log in gives attackers access to credentials, compromising the user’s account.
Read More


Ransomware is a type of malware that can lock computers, networks, and systems until a ransom is paid. It's a growing problem for businesses and individuals alike.
Read More


A sandbox is a computer security term for an isolated environment where any suspicious or unknown code can run without putting the host device or network at risk. Sandboxes are vital in cybersecurity to vet and analyze potential threats.

Secure Email Gateway (SEG)

A Secure Email Gateway (SEG) is a hardware appliance or piece of software that monitors emails sent and received. SEGs are designed to keep threats like spam, malware, phishing attacks, and unwanted messages out of user inboxes.
Read More

Security Awareness Training

Security awareness training minimizes security risks by empowering employees with tools and knowledge against cyber threats. It's a necessary part of cybersecurity–organizations are only as safe as their users.
Read More

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an email authentication protocol that helps verify an email’s true sender. Receiving servers use SPF to check that an email comes from a server approved by the purported sending domain.
Read More


Smishing is a type of phishing attack conducted over text messages. It's increasingly common due to the ease of setting up spoofed numbers and the lack of spam filters for SMS messaging.
Read More

SMTP (Simple Mail Transfer Protocol)

SMTP is a common language used to send email. It’s a universal set of rules that allow servers and email clients to communicate via the internet. It helps increase email deliverability and reduce spam by verifying email senders. Think of SMTP as the language your computer uses to tell a server where an email goes, what’s in the email, what’s attached, and more.
Read More

Social Engineering

In information security, social engineering refers to deceptive and manipulative practices used by bad actors to trick people into sharing sensitive data or sending money to a threat actor. Social engineering is a cornerstone of many successful cyberattacks, and it's unique from other attacks in that it doesn't require technical skills.
Read More


Spam is unsolicited junk email sent in bulk. Most spam messages are sent with commercial interests in mind, but some more nefarious spam messages can include malware or phishing attempts.

Spear Phishing

Spear Phishing is a highly targeted cyberattack where criminals research a victim to send convincing phishing emails. It's effective and potentially devastating.
Read More

Supply Chain Attack

Supply chain attacks are sophisticated cyberattacks that bypass traditional security measures. A criminal compromises a trusted vendor, opening the door for attacks across a supply chain. They can infect shared infrastructure with malware, or send convincing phishing attacks from the trusted vendor.
Read More

Trojan Horse

A trojan horse is a catch-all term for malware that is disguised to look unsuspicious. Trojans usually spread via social engineering to give attackers unauthorized access to computers and networks.


Vishing is a phishing attack conducted entirely over the phone. Americans face a whopping 4 million scam calls a month thanks in part to new technologies that make vishing easy and effective.
Read More


A VPN—or virtual private network—allows you to maintain online anonymity while using the Internet. VPN’s often hide IP addresses and encrypt user data, making them useful for privacy enthusiasts or people who use public Wi-Fi.


WannaCry was a massive ransomware attack in 2017 that impacted over 200,000 computers across 150 countries, causing billions of dollars in damages. Several sources identified North Korea as the origin of the attack.

Watering Hole Attack

A watering hole attack is a threat vector that targets a specific group of users by compromising a website they frequently visit. The watering hole refers to predators who wait for prey by the watering hole—in this case, a compromised website.


Whaling is a type of spear phishing attack that specifically targets or impersonates high-value targets—like C-suite executives–to steal sensitive data and, ultimately, money. Whaling attacks are a form of social engineering that utilize false urgency and deep research to trick victims.
Read More

Zero Trust Security

Zero trust is a cybersecurity framework based on the principle that nothing is automatically trusted. Every person, device, or digital interaction is immediately regarded as a potential threat by the framework until they're properly authenticated. The zero trust strategy is a collection of procedures designed to protect a network from internal threats.
Read More

Get the Latest Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
See a Demo