Phishing and social engineering terms
Phishing and social engineering are cybersecurity threats that exploit human behavior. In this glossary, you’ll find the most common phishing and social engineering examples and their definitions.
SEO poisoning
SEO poisoning, also known as search engine poisoning (SEP), is a malicious tactic used by cybercriminals to manipulate search engine results in order to promote harmful websites.
Phishing kit
A phishing kit is a set of tools for carrying out phishing attacks — social engineering techniques that seek to trick victims into revealing sensitive information or sending the scammer money.
Likejacking
Likejacking is a clickjacking variant and social engineering attack in which attackers hide a Facebook "Like" button under other page content, so that internet users unknowingly "like" a Facebook page or post when they click.
Whaling
Whaling is a phishing attack that targets specific high-ranking employees, such as executives, whose access and authority make them especially valuable victims.
Website spoofing
Website spoofing is a scam that involves creating a replica of a trusted website to mislead users into believing that the fake website is the authentic one.
Vishing
Vishing (voice phishing) is a social engineering attack carried out over phone calls or voice messages. Like phishing, it relies on deception and plays with the victim's emotions – like fear, greed, or a sense of urgency – to get personal information out of them.
USB drop attack
A USB drop attack is a method used by attackers to trick individuals into plugging a malicious USB drive into their computers.
URL hijack
A URL hijack lures or redirects users to an attacker-controlled website, for example through a look-alike domain or a redirected link, where they are exposed to malicious content or malware.
Typosquatting
Typosquatting is a social engineering attack involving a fake website that the victim accesses by mistyping a URL.
Twishing
Twishing (“Twitter” + “phishing”) is a form of cybercrime carried out through X, formerly known as Twitter.
Tech support scam
A tech support scam is a fraud in which scammers pose as legitimate technical support representatives, typically from well-known technology companies.
Targeted attacks
Targeted attacks refer to complex cyberattacks that concentrate on a particular person, organization, or system.
Tabnabbing
Tabnabbing is a phishing technique in which a web page that the user has left open in an inactive browser tab rewrites itself to imitate a trusted login page, so that the victim enters their credentials when they return to the tab.
Spear phishing
Spear phishing is a form of phishing attack directed at specific companies or individuals.
Spam over Internet Telephony
Spam over Internet Telephony is the unwanted distribution of unsolicited voice messages using Voice over Internet Protocol (VoIP) technology.
Social engineering
Social engineering is a psychological manipulation technique that cybercriminals use to get people to give away confidential information or perform a certain action.
SMS spoofing
SMS spoofing, also known as text message spoofing, is a technique in which the sender manipulates the sender ID (source address) of a text message to masquerade as someone else, such as a bank or a delivery company.
Smishing
Smishing (SMS phishing) is a phishing attack carried out over text messages.
Shoulder surfing
Shoulder surfing is the practice of physically observing the victim’s device from a close distance, typically over their shoulder.
Scareware
Scareware is a social engineering tactic that uses alarming fake alerts, such as bogus virus warnings, to frighten people into downloading malware or paying for useless software by clicking on malicious links or visiting infected websites.
Reshipping
Reshipping refers to a scam that usually involves unsuspecting individuals being tricked into receiving stolen goods and then forwarding them to criminals.
Quid pro quo attack
A quid pro quo attack is a type of social engineering tactic where a cybercriminal promises the victim a helpful service or benefit in exchange for sensitive information, such as login credentials or personal details.
QR code phishing
QR code phishing (also known as quishing) is a social engineering attack that uses a QR code, typically pointing to a phishing site, to trick people into handing over personal data such as financial details or login credentials.
Pretexting
Pretexting is a social engineering attack where the victim is tricked by a fake scenario (a pretext) to perform an action or reveal personal information.
Post-inoculation attack
A post-inoculation attack is a class of cyberattacks that occur after an organization introduces an initial security safeguard, or 'inoculation'.
Piggybacking
Piggybacking is the act of gaining unauthorized access to an account, system, or network by exploiting another subject’s legitimate entry.
Phish-prone percentage
Phish-prone percentage is a metric used to assess an organization's vulnerability to phishing: the share of employees who fall for a simulated phishing test, for example by clicking the link or entering credentials.
Pharming
Pharming is a type of cyberattack during which a hacker redirects the victim's traffic from the original website to a fake one, typically by poisoning DNS responses or altering the victim's hosts file, so that even a correctly typed address leads to the fake site.
One ring scam
A one ring scam, also known as Wangiri fraud, is a type of telephone fraud that originated in Japan and involves tricking victims into calling costly international or premium-rate numbers.
MFA bombing
MFA bombing, also known as multi-factor authentication (MFA) fatigue or push bombing, is a cyberattack method in which a malicious actor who already holds the victim's password floods them with MFA prompts, hoping that the victim approves one just to make the notifications stop.
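The pattern described above (a burst of push prompts, often ending in one approval) is visible in authentication logs. The following detection logic is an added example, not code from the glossary or from any identity provider; the log lines, field names, window size and threshold are all constructed for the demo.

```python
# Added example (not from the glossary): detect an MFA bombing burst in
# authentication logs. The log lines and the key=value field names are
# constructed for this demo; real identity providers use their own schemas.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-05-01T09:00:35Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-05-01T09:00:40Z user=bob event=login result=success src=198.51.100.2
2024-05-01T09:01:10Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-05-01T09:01:48Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-05-01T09:02:20Z user=alice event=mfa_push result=denied src=203.0.113.7
2024-05-01T09:03:05Z user=alice event=mfa_push result=approved src=203.0.113.7
2024-05-01T09:10:00Z user=bob event=mfa_push result=approved src=198.51.100.2
2024-05-01T09:11:00Z user=bob event=mfa_push result=denied src=198.51.100.2
"""

WINDOW = timedelta(minutes=5)  # sliding window per user (assumed tuning)
THRESHOLD = 5                   # prompts in the window that count as a burst


def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into a dict with a parsed 'ts' field."""
    timestamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_mfa_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for users who receive a burst of MFA push prompts.

    Two alert kinds: 'burst' when the prompt count in the window first reaches
    the threshold, and 'approved_after_burst' when an approval follows at
    least threshold-1 denials in the window, which is the signature of a
    successful MFA fatigue attack.
    """
    recent = defaultdict(deque)  # user -> mfa_push events inside the window
    alerts = []
    for line in log_text.strip().splitlines():
        event = parse_line(line)
        if event.get("event") != "mfa_push":
            continue  # only push prompts matter here
        user = event["user"]
        window_events = recent[user]
        window_events.append(event)
        # Drop prompts older than the window (the newest element is never dropped).
        while event["ts"] - window_events[0]["ts"] > window:
            window_events.popleft()
        denied = sum(1 for e in window_events if e["result"] == "denied")
        if len(window_events) == threshold:
            alerts.append({"user": user, "ts": event["ts"], "kind": "burst",
                           "prompts": len(window_events), "denied": denied})
        if event["result"] == "approved" and denied >= threshold - 1:
            alerts.append({"user": user, "ts": event["ts"],
                           "kind": "approved_after_burst",
                           "prompts": len(window_events), "denied": denied})
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_bombing(SAMPLE_LOG):
        print(alert)
```

In the sample, alice triggers a 'burst' alert on the fifth prompt and an 'approved_after_burst' alert when she finally approves; bob's two prompts stay below the threshold. The second alert kind is the one worth paging on, since it indicates the attacker now holds a valid session and the account should be treated as compromised.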
Masquerade attack
A masquerade attack refers to a cyber attack where an attacker impersonates a legitimate user or device in order to gain unauthorized access to a network or system.
Lurking
Lurking is the practice of reading and observing an online community without actively participating in any way.
Luring attack
A luring attack is a cyber attack where an attacker tricks a target into compromising their security or divulging sensitive information.
Internet troll
An internet troll is a person who communicates using off-topic or inflammatory messages to enrage individuals or groups and start an online war.
Impersonation attack
An impersonation attack is a tactic in which attackers pose as authorized users or devices in order to bypass security measures and steal sensitive information from unwitting victims.
Image spam
Image spam is a spamming technique in which the text of the spam message is embedded in an image attached to the email, so that text-based spam filters cannot read it.
Ice phishing
Ice phishing is a type of scam targeting cryptocurrency and blockchain users in which the victim is tricked into signing a transaction that grants the attacker approval to spend the victim's tokens.
HTTPS phishing
HTTPS phishing is a type of cyberattack where attackers impersonate a trusted website on a site that uses the HTTPS protocol to deceive victims into providing sensitive information. The padlock icon only shows that the connection is encrypted, not that the site is legitimate.
Homograph attack
A homograph attack uses characters that look like those in a legitimate domain name, such as a Cyrillic "а" in place of a Latin "a", to register a look-alike URL and disguise a fake site as the real one.
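Both the homograph attack described here and the typosquatting entry above rely on domains that look like a trusted one. The following check is an added example, not code from the glossary: it flags a candidate domain when a single label mixes scripts, when folding confusable characters makes it identical to a trusted domain, or when it sits within a couple of edits of one. The watchlist and the (deliberately partial) confusables table are constructed for the demo.

```python
# Added example (not from the glossary): flag look-alike domains, covering
# both typosquatting (small edits to a trusted name) and homograph attacks
# (visually confusable Unicode characters). The watchlist and the partial
# confusables table are constructed for this demo.
import unicodedata

WATCHLIST = ["paypal.com", "example.com"]  # trusted domains to protect

# Partial confusables table: Cyrillic letters that render like Latin ones.
# A production check should use the full Unicode confusables.txt data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
}


def script_of(ch):
    """Coarse script name taken from the first word of the Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mixed_script(label):
    """True if one DNS label mixes letters from several scripts (Latin + Cyrillic etc.)."""
    scripts = {script_of(c) for c in label if c.isalpha()}
    return len(scripts) > 1


def skeleton(domain):
    """Fold a domain to roughly what a human sees: strip accents, map confusables."""
    decomposed = unicodedata.normalize("NFKD", domain)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in stripped)


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_domain(domain, watchlist=WATCHLIST, max_distance=2):
    """Return a list of findings; an empty list means no look-alike detected."""
    domain = domain.strip().rstrip(".").lower()
    if domain in watchlist:
        return []
    findings = []
    for label in domain.split("."):
        if mixed_script(label):
            findings.append(f"mixed-script label {label!r}")
    # Show the punycode form browsers fall back to for suspicious IDNs.
    try:
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None
        findings.append("label cannot be encoded as IDNA")
    if ascii_form and ascii_form != domain:
        findings.append(f"internationalized name, punycode form {ascii_form}")
    folded = skeleton(domain)
    for good in watchlist:
        if folded == good:
            findings.append(f"homograph of {good}")
            continue
        distance = levenshtein(folded, good)
        if distance <= max_distance:
            findings.append(f"within edit distance {distance} of {good}")
    return findings


if __name__ == "__main__":
    for candidate in ["paypal.com", "paypa1.com", "p\u0430ypal.com", "p\u00e0ypal.com"]:
        print(candidate, "->", check_domain(candidate))
```

"paypa1.com" is caught by edit distance, "pаypal.com" (Cyrillic а) by both the mixed-script and the homograph rule, and "pàypal.com" by the homograph rule alone. Run this over newly registered domains or over the link targets in inbound mail, and treat any non-empty result as a candidate for blocking or review rather than as a verdict on its own.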
Hoax
A hoax is a message that deceives people into thinking that something is true when it isn’t.
Footprinting
Footprinting is the reconnaissance phase of an attack or penetration test: gathering information about a target system, network, or infrastructure in order to find vulnerabilities. Ethical hackers and criminals use the same techniques.
Facebook stalking
Facebook stalking is following someone's activity and gathering information about them through Facebook.
Email spoofing
Email spoofing is a type of cyberattack where the criminal forges (spoofs) the sender address of an email message so that the recipient believes it comes from a trusted source and lets their guard down.
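A spoofed sender address usually leaves traces in the headers: the envelope sender (Return-Path) or Reply-To points at a different domain than the visible From, and the receiving server's SPF, DKIM and DMARC checks fail. The following header check is an added example, not code from the glossary; both messages and the authserv-id "mx.example.org" are constructed for the demo.

```python
# Added example (not from the glossary): header checks that surface common
# email spoofing indicators. Both messages are constructed samples, and
# TRUSTED_AUTHSERV is a hypothetical name for our own receiving mail server.
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # authserv-id that our own MTA stamps

SPOOFED = """\
Return-Path: <bounce@mailer-attacker.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer-attacker.example;
 dkim=none; dmarc=fail (p=reject) header.from=bank.example
From: "Bank Support" <security@bank.example>
Reply-To: helpdesk@bank-support.example
To: victim@example.org
Subject: Urgent: verify your account

Your account has been locked. Click the link to restore access.
"""

LEGIT = """\
Return-Path: <bounce@bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <security@bank.example>
To: customer@example.org
Subject: Your monthly statement is ready

Log in to view your statement.
"""


def domain_of(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def auth_results(msg, trusted_authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only headers stamped with our own authserv-id are trusted: a sender can
    include a forged Authentication-Results header of their own.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv = header.split(";", 1)[0].strip().lower()
        if authserv != trusted_authserv:
            continue
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.IGNORECASE):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def spoofing_indicators(raw_message):
    """Return a list of human-readable spoofing indicators (empty = none found)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []

    # 1. Envelope sender (Return-Path) differs from the visible From domain.
    return_path = domain_of(msg["Return-Path"])
    if return_path and return_path != from_domain:
        findings.append(f"Return-Path domain {return_path} differs from From domain {from_domain}")

    # 2. Replies are steered to a domain other than the one displayed.
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != from_domain:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {from_domain}")

    # 3. Sender authentication did not pass at our own gateway.
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings


if __name__ == "__main__":
    print("spoofed:", spoofing_indicators(SPOOFED))
    print("legit:  ", spoofing_indicators(LEGIT))
```

A Return-Path mismatch on its own is common for newsletters and bulk mailers, so weight it as a signal rather than a verdict; a DMARC failure against a domain that publishes p=reject, combined with a Reply-To pointing elsewhere, is a much stronger indicator. Note that the Authentication-Results header is only meaningful when written by your own mail gateway, which is why the code discards headers carrying any other authserv-id.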
Email hoax
An email hoax is a type of online scam involving sending out fraudulent emails.
Email attack
An email attack is a hostile action conducted via email to infiltrate the recipient's computer, steal confidential data, or disrupt their regular activities.
Dumpster diving attack
A dumpster diving attack is a type of no-tech attack that hackers use to obtain someone’s personal information.
Domain spoofing
Domain spoofing is a type of cyberattack where the attacker creates a fake website or email address that closely mimics a legitimate one.
Dialog box
A dialog box is a small window that pops up on a screen with which a user interacts to complete a task.
Deepfake
Deepfake refers to a form of synthetic media that employs artificial intelligence (AI) and machine learning techniques to produce convincingly realistic, altered audio and visual material.
DarkHotel
DarkHotel is a cyberespionage group that has been active since at least 2007 and is known for targeting high-profile individuals and organizations, like business executives and government officials.
Dark patterns
Dark patterns are design techniques that use tricks or manipulation to lead users to make decisions that are against their interests or prevent them from exercising their free will.
Cyberbullying
Cyberbullying refers to bullying that takes place through digital technologies.
Credential harvesting
Credential harvesting, also known as credential phishing or password harvesting, is a technique cybercriminals employ to obtain usernames, passwords, and other sensitive data from unsuspecting victims.
Conversation hijacking
Conversation hijacking is a type of email attack where the attacker compromises specific email accounts, reads the existing conversations, and then inserts fraudulent messages into those threads so that they appear to come from a trusted participant.
CLSID
A CLSID (class identifier) is a globally unique identifier (GUID) that Windows uses to identify a COM class, such as an application component.
Clone phishing
Clone phishing is an attack where a cybercriminal makes a near-identical copy of a legitimate email from a trusted sender, replaces its links or attachments with malicious ones, and resends it to the original recipients.
CEO fraud
CEO fraud is a business email compromise scheme in which fraudsters impersonate high-ranking executives to pressure employees, clients, or vendors into actions that benefit the attacker, most often urgent wire transfers or the disclosure of confidential data.
Catfishing
Catfishing is a social engineering scam where the attacker creates a fake online persona to target a specific victim on social networks.
Biometric spoofing
Biometric spoofing is the deliberate manipulation or imitation of biometric traits to deceive systems reliant on biometric authentication for security.
Baiting
Baiting is a social engineering attack that uses a tempting lure, such as a free download or a planted USB drive, to trick the victim into installing malicious software on their device.
Angler phishing
Angler phishing is a social engineering attack aimed at customers who publicly request assistance from an organization on social media: the attacker replies from a fake support account and steers the customer to a phishing site or asks for account details.
Account hijacking
Account hijacking is a type of cyberattack during which a hacker takes control of the victim’s account associated with a computer device or online service.
The importance of phishing and social engineering terminology
Understanding phishing and social engineering terms can help users recognize phishing attacks, avoid malicious email attachments, and otherwise improve personal cybersecurity.
Know what to do
The glossary contains extensive instructions on what to do when you’ve been exposed to phishing emails, smishing attempts, and social engineering attacks.
Understand how cyber threats work
Learning phishing and social engineering terms and their definitions will provide additional insight on how these cyber threats trick users into divulging sensitive information.
Notice the threats before they occur
Understanding the most common red flags of phishing and social engineering attacks will help you prevent scammers from stealing your identity.