Cybersecurity Glossary

Plain-language cybersecurity definitions for employees, managers, and security teams. Use the glossary to understand a term, then open the full guide for examples, prevention tips, and business context.

AI & Emerging Threats

Terms covering AI-assisted fraud, synthetic content, and other fast-moving techniques changing how attacks are created and delivered.

  • AI Phishing: AI phishing does not need to be technically advanced to be dangerous. Its strength is volume, speed, personalization, and the ability to remove obvious warning signs from a scam.
  • AI Security Awareness: AI changes the speed, polish, and personalization of attacks. Awareness programs need to teach people how to slow down when something looks believable but asks for trust, money, access, or data.
  • AI Social Engineering: AI does not change the attacker's goal. It changes how quickly they can create believable messages, personas, voices, and follow-up interactions.
  • Deepfake Scams: The danger is not just the fake media itself. The danger is the business decision it tries to influence, such as approving a payment or trusting a new identity.
  • Synthetic Identity Fraud: The identity may not look suspicious at first. The risk grows when a false profile is allowed to build reputation, access, credit, or business trust over time.
  • Voice Cloning Attacks: A familiar voice can lower resistance quickly. Treat voice as one signal, not proof, when the request involves money, access, data, or process exceptions.

Phishing & Social Engineering

Glossary entries about impersonation, manipulation, and message-based scams that pressure people into clicking, paying, or sharing data.

  • Angler Phishing: The victim often starts with a real customer service problem. The scam begins when a fake helper enters the conversation before the real brand can respond.
  • Attachment-Based Phishing: The attachment may look like normal work: an invoice, resume, report, receipt, voicemail, shipping notice, calendar invite, or shared document.
  • Baiting: Baiting does not always rely on fear. Often it works because the offer feels useful, lucky, convenient, or too interesting to ignore.
  • Business Email Compromise: BEC is dangerous because it often looks like normal business. The email may not include malware or a suspicious attachment; the request itself is the attack.
  • Calendar Phishing: Calendar phishing works because meeting invites look like work tasks, not ads or spam. A reminder can interrupt the user at the exact moment the attacker wants them to act.
  • Callback Phishing: Callback phishing moves the attack from a written message into a voice conversation, where the attacker can adapt, reassure, and pressure the target in real time.
  • Catfishing: Catfishing is usually slower than a one-message phishing attempt. The attacker invests time in the relationship so the eventual request feels personal rather than suspicious.
  • Clone Phishing: Clone phishing is effective because the message does not feel new. It feels like a resend, correction, update, or routine follow-up.
  • Display Name Spoofing: The sender name may be familiar, but the real address may tell a different story. Display name spoofing works when users do not expand the details.
  • Domain Spoofing: A spoofed domain works by looking close enough to the real one that people do not slow down to inspect it.
  • Email Spoofing: Email spoofing attacks the trust people place in sender identity. If the sender looks familiar, the request may feel safer than it is.
  • Evil Twin Phishing: The network name may look familiar, but the connection is controlled by the attacker. The risk starts when a user treats the fake network as safe.
  • Impersonation Attack: The danger is not only the fake name. It is the trust that comes with the name, role, logo, voice, email address, or business context.
  • Link Obfuscation: The link may look ordinary, but the destination may not be. Obfuscation adds friction between what the user sees and where the browser actually goes.
  • Phishing Email: The email is only the delivery channel. The real attack is the action it tries to trigger.
  • Pig Butchering: The first message is rarely the real ask. The attacker invests time so the eventual request feels like advice from someone the target knows.
  • Pretexting: The pretext is the story that makes the request feel normal. If the story is believable, the target may focus on helping instead of verifying.
  • Quishing: The square code is not the threat by itself. The risk is the destination and the action it asks the user to take after scanning.
  • Scambaiting: Scambaiting is not the same as safe reporting. Reporting hands the issue to the right team; scambaiting keeps the conversation alive.
  • Shoulder Surfing: Shoulder surfing does not need malware. If sensitive information is visible, an attacker may only need a line of sight and a moment of distraction.
  • Smishing: Smishing works because texts feel personal, immediate, and easy to handle on the move. A message that would look suspicious in a crowded email inbox can feel much more believable when it appears as a short alert on a phone lock screen.
  • Social Engineering: Social engineering is not about people being careless. It is about attackers designing situations that make the wrong action feel reasonable in the moment.
  • Spear Phishing: Spear phishing is dangerous because the message often contains enough real context to feel like normal business.
  • Tailgating (Physical Security): Tailgating turns courtesy into a security gap. A person may hold a door to be helpful, while the attacker uses that moment to avoid identity checks.
  • Tech Support Scams: The attacker is not really fixing a problem. They are creating one, or exaggerating a normal issue, so the target will follow instructions from someone who sounds helpful.
  • Vishing: A vishing call can feel more believable than an email because the target is responding to a person in real time. That pressure is exactly what the attacker wants.
  • Whaling (Executive Phishing): Whaling attacks are often carefully researched because the target's authority can turn one convincing request into a major business incident.

Malware & Threats

Terms about malicious software and attack methods used to compromise systems, steal data, hijack accounts, or disrupt operations.

  • Adware: Adware may seem less severe than other malware, but it can still disrupt work, expose browsing data, and lead users toward scams or malicious downloads.
  • Botnets: A botnet turns many separate devices into shared attack infrastructure. The owner of one infected device may not notice, but the combined network can create serious damage.
  • Brute Force Attack: Brute force attacks are noisy in theory, but automation lets attackers test many guesses quickly across exposed login points.
  • Credential Stuffing: Credential stuffing turns old breach data into new account compromise whenever passwords are reused.
  • Distributed Denial-of-Service (DDoS) Attack: A DDoS attack does not always steal data. Sometimes the damage comes from making a service unavailable when people need it.
  • DNS Spoofing Attack: DNS spoofing is dangerous because the user can do the right thing, such as typing a known domain, and still be routed to the wrong place.
  • Keylogger: A keylogger turns normal typing into data theft. The user may not notice anything wrong while sensitive information is quietly recorded.
  • Malvertising: The website may be legitimate, but the ad or destination may not be. That separation is what makes malvertising confusing for users.
  • Man-in-the-Middle Attack (MITM): The danger is not always a fake message. Sometimes the real conversation is being watched or quietly altered in transit.
  • Ransomware: Ransomware is not just a malware problem. It is an operational, financial, legal, communications, and trust problem all at once.
  • Rootkit: A rootkit is less about the first break-in and more about staying hidden after access is gained.
  • Session Hijacking: A stolen session can be especially risky because the attacker may not need the password again after the user has already authenticated.
  • Spyware: Spyware is built to watch quietly. The device may still function normally while sensitive information is collected in the background.
  • Supply Chain Attack: Supply chain attacks are powerful because trust has already been granted. The attack arrives through something the organization expects to use.
  • Trojan: A Trojan wins trust before it runs. The disguise is the delivery strategy; the payload is the real damage.

Security Concepts

Foundational cybersecurity ideas that shape risk decisions, awareness programs, defense strategy, and security operations.

  • Attack Surface: Attack surface is not one thing. It is the collection of doors, windows, shortcuts, and weak spots attackers might test.
  • Data Breach: A breach is not only a technical event. It becomes a business, legal, customer trust, and communications issue almost immediately.
  • Encryption: Encryption does not stop every attack, but it can make exposed data far less useful to someone who should not have it.
  • Endpoint Security: An endpoint is where work happens. That makes it useful to employees and attractive to attackers.
  • Honeypot: A honeypot turns curiosity against the attacker. Legitimate users usually have no reason to interact with it, so activity can be a strong signal.
  • Human Risk Management: The goal is not perfect behavior. The goal is measurable risk reduction, better reporting, and safer systems around real human work.
  • Kill Chain (Cyber Kill Chain): The kill chain is useful because an attack does not need to be stopped at the last step. Breaking an earlier link can prevent the later damage.
  • Threat Actor: Threat actor is a broad term. It can describe a ransomware group, a phishing scammer, a malicious insider, or a state-backed team.
  • Threat Intelligence: Threat intelligence is not just a list of bad IP addresses. Its value comes from context: what the signal means and what to do next.
  • Zero Trust Security: Zero trust is not about distrusting employees. It is about designing access so one stolen password or compromised device cannot reach everything.

Compliance & Regulations

Terms tied to governance, awareness requirements, privacy expectations, and the frameworks that influence organizational security programs.

  • GDPR: GDPR is not only a privacy notice. It affects data collection, security, retention, vendor handling, user rights, breach response, and everyday business workflows.
  • HIPAA: HIPAA is not only a paperwork requirement. It affects how people access, share, store, report, and protect patient-related information every day.
  • ISO 27001: ISO 27001 is not just a list of security controls. It is a management system for understanding risk, choosing controls, reviewing performance, and improving over time.
  • NIS2: NIS2 is not just an IT checklist. It pushes cybersecurity into governance, operations, suppliers, reporting, and leadership accountability.
  • PCI DSS: PCI DSS is about reducing payment card risk across people, processes, systems, vendors, and the cardholder data environment.
  • Security Awareness Training: Awareness training works best when it is practical, relevant, and repeated over time rather than treated as a once-a-year checkbox.
  • SOC 2: SOC 2 is less about a single security tool and more about proving that important controls exist, are documented, and work as intended.

General Security

Everyday cybersecurity terms employees and business leaders encounter across identity, email, internet use, and account protection.

  • Black Hat Hacker: Black hat describes intent and authorization. The same technical skill can be harmful or helpful depending on permission, purpose, and conduct.
  • Dark Web: The dark web is not the same as the entire internet underground, but it is one place where stolen information can circulate after a breach.
  • DKIM: DKIM helps answer whether a message still matches the sender signature attached to it.
  • DMARC: DMARC helps protect domains from direct spoofing, but it needs correct SPF and DKIM setup to work well.
  • Email Authentication (SPF, DKIM, DMARC): Email authentication does not make every email safe, but it helps prove whether a domain really authorized the message.
  • Email Security: Email security works best when filters catch what they can and employees report what slips through.
  • Grey Hat Hacker: Good intent does not replace permission. In security testing, authorization and scope matter.
  • Malicious Links: The link is only the doorway. The danger is the action waiting on the other side.
  • Multi-Factor Authentication (MFA): MFA is one of the most practical ways to reduce password-based account takeover, but users still need to handle prompts carefully.
  • Single Sign-On (SSO): SSO simplifies access, but it also makes the central identity account especially important to protect.
  • SPF: SPF answers one core question: is this server allowed to send mail for this domain?
  • White Hat Hacker: White hat hacking is defined by permission, scope, and a goal of making systems safer.