What is That? Our Phishing Terminology Glossary Demystifies Industry Jargon

May 07, 2021

When you’re considering the best way to secure your systems and data against phishing, it helps to know what you’re up against. There is a lot of specialized phishing terminology, and you’ll need to learn it to make sure that you’re protecting your business from today’s biggest threat – 90% of incidents that end in a data breach start with a phishing email. Here are some common types of phishing attacks that your business could face. 


Account Takeover Attack (ATO) 

Account takeover is a form of identity theft and fraud. The goal of an ATO attack is for a malicious third party to capture and exploit a user’s account credentials. That then enables bad actors to misrepresent themselves as legitimate employees of an organization to further schemes like sending out phishing emails, stealing sensitive data, planting malware or accessing other accounts within the organization. 

Angler Phishing 

Angler phishing involves phishing through social media. This can include masquerading as a customer service account on social media, BEC scams using messaging services, malvertising and other uses of social media profiles and tools to facilitate fraud. The most commonly used social media network for angler phishing is LinkedIn.

Business Email Compromise  

Business email compromise (BEC), sometimes called email account compromise (EAC), is a scam that utilizes legitimate (or freshly stolen) email accounts from a trusted business to fraudulently acquire money, personal information, financial details, payments, credit card numbers and other data from a business. These scams also target businesses that use wire transfers, foreign suppliers and other invoice transactions.

CEO Fraud 

CEO Fraud is a type of attack in which the attacker impersonates a company’s CEO or another powerful executive to deceive an employee into performing an action outside of normal channels. In a CEO fraud operation, the attacker might try to get the target to transfer money to a bank account owned by the attacker, send confidential HR information, purchase money cards, authorize fraudulent transactions, pay a bill or reveal sensitive information. 

Clone Phishing 

A clone phishing attack uses a legitimate or previously sent email from a legitimate source that contains attachments or links to deceive the target into downloading malware, visiting a malicious website or providing credentials and information. The email is typically spoofed to appear like it is being sent by the original sender and may claim it is a re-send or special offer from a source that the target trusts. This technique can also be used to send fake system messages or routine communications from social media sites and stores. 

Double Extortion Ransomware 

In a double extortion ransomware attack, cybercriminals who have successfully penetrated security and captured an organization’s data or systems will demand multiple payments to ameliorate the attack, decrypt data and systems, or have stolen data returned safely. For example, a threat actor may demand a ransom to provide the victim an encryption key to unlock their encrypted database and not make a copy of the stolen data. Cybercriminals rarely keep these promises.  This technique was used in several big COVID-19 phishing scams.

False Positive 

A false positive is a misjudgment by email security software that deems an incoming message to be phishing or spam and then moves that message into quarantine while alerting IT staff to the potential trouble spot. Email security software with a high rate of false positives may foster alert fatigue in IT staff or occupy valuable (and expensive) time that staff wastes exploring, adjudicating and dealing with each alert.

Malicious URL 

A malicious URL is a link created to promote scams, attacks, and frauds. These URLs can look legitimate but often contain small deviations from an organization’s actual website. The target will then be manipulated into providing passwords, account numbers, credentials and other sensitive information. Cybercriminals also use malicious URLs to lure victims into downloading malware including ransomware, skimming software, keyloggers, trojans, viruses and other malicious code. 


Malware

This umbrella term can be used as a catch-all for any bit of code or program that has been created for the specific purpose of causing harm to a target’s systems and data. Some common types of malware include viruses, worms, Trojan horses, backdoors, Remote Access Trojans (RATs), rootkits, keyloggers, payment skimmers, ransomware and spyware/adware. Malware is bought and sold every day on the dark web.

Phishing (Phishing Attack, Phishing Scam)

In a phishing scam, the perpetrator masquerades as a legitimate business or reputable person in order to coax the victim into taking an action that furthers the goal of the operation, like giving the bad actor their password, downloading a malware-laden attachment or clicking on a malicious link. Most phishing campaigns start with the bad actors gathering information about their targets like email addresses, personally identifying information (PII) and other pertinent details from dark web markets and credential dumps. Sometimes, phishing practitioners also use pre-existing messages from reputable brands and clone them in order to seem trustworthy, a process called spoofing. Ultimately, phishing is a type of fraud. Phishing is also illegal in many countries including the US. 


Quarantine

When an incoming message is deemed to be a threat by email security and antiphishing software, that message is then moved to a specially segmented space until it can be safety-checked by IT personnel. The message can then be deleted safely by security staffers or sent on to the intended recipient. A message that is sent to quarantine but not malicious is referred to as a false positive (see False Positive).


Ransomware

This incredibly devastating form of malware is the preferred weapon of today’s cybercriminals including nation-state actors. Ransomware is intended to encrypt data and/or systems to prevent the victim from accessing those resources. In the most commonly used type of ransomware attack, bad actors encrypt the victim’s files and request that a ransom be paid to have them decrypted or recovered. Ransomware gangs generally demand payment in the form of Bitcoin (an untraceable digital currency). Ransomware can also be used to shut down factories, snarl or stop utilities, interfere with shipping and transportation, steal research and formulas and cause other harm.

Smishing Attack 

Named for the SMS (short message service) technology used to send text messages, smishing is a fraud attempt that uses a cellphone. In these scenarios, an attacker uses a compelling text message to trick targeted recipients into clicking a link, sending the attacker private information, handing over passwords and credentials or otherwise performing an action that enables the bad actor to profit. 

Social Engineering 

All phishing is to some extent social engineering. Scams based on social engineering are built around manipulating how people think and act. In a phishing context, bad actors use deceptive means to entice or frighten their targets into taking an action. This action could be providing sensitive information, handing over passwords, sending payment, downloading malware, visiting a website, opening an attachment or generally doing something that then enables those bad actors to facilitate cybercrime.   

Spear Phishing   

Spear phishing is the biggest slice of the phishing pie. Any phishing attack that uses customized content and details to lure the target into a false sense of security is spear phishing. Bad actors may use information gathered from publicly available sources, social media and/or dark web data markets and dumps to create an email that will be especially enticing and appear legitimate to the target. Spear phishing relies heavily on social engineering and is generally considered the most sophisticated phishing attack type. BEC, CEO fraud, whaling and other people-based cyberattacks all employ spear phishing techniques.  This is the most common technique used to distribute ransomware.


Spoofing

Spoofing is the act of disguising a communication from an unknown source through deception to make it seem like it comes from a familiar, trusted source. Cybercriminals can spoof all sorts of things like emails, phone calls, websites, IP addresses and other digital communications. These tools are then used to facilitate phishing operations and other cybercrime.

Threat Modeling 

Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each and prioritize upgrades or changes that enable organizations to mitigate attacks and protect IT resources. This technique helps businesses see holes in their defenses, spot angles of attack that they may have missed or spot weaknesses that could crop up later and determine which solutions will serve their needs. This is an especially important tool when businesses are making transitions like the transition from remote to hybrid work.

Vishing Attack 

A vishing (voice or VoIP phishing) attack is an electronic fraud scam in which cybercriminals use social engineering and spear phishing techniques to conduct fraud via telephone. In these scams, victims are tricked into revealing critical financial details, passwords, business data or personal information to unauthorized entities by voice email, smartphone, VoIP or old-fashioned landline phone. 

Whaling Attack / Executive Phishing

Whaling is a highly targeted phishing attack aimed at highly privileged account holders and decision-making executives. Sometimes called Executive Phishing, whaling is a type of phishing attack that combines elements of spear phishing and social engineering to entice a privileged individual into providing cybercriminals with money, information, credentials, passwords, permissions, formulas, codes, account numbers or access to other sensitive business assets. Sometimes this technique is also used to deploy ransomware or other malware.  

Zero-Day Threat 

A zero-day threat is a brand new, freshly discovered or undiscovered threat. These threats are generally previously unknown and undocumented. This kind of flaw is inherent in software that operates within a strict, static set of parameters that requires fixes, updates, and threat intelligence to be loaded manually. Zero-day threats are typically neutralized by software patches or configuration changes and can be very complex to manage (and very likely for cybercriminals to find and exploit).


Stop Worrying About Phishing! Put Graphus Automated Email Security on the Job for AI-Powered, Always-On Smart Protection from Today’s Biggest Threat At a Price You’ll Love.

If you’ve got Graphus, you’re protected against most common phishing attacks. Graphus spots and stops 40% more phishing emails than the competition and crushes old-fashioned SEGs. Why spend your valuable time (or your IT staff’s) on phishing when you could spend it growing your business? Let the AI-powered patented Graphus algorithm do all the work. And, if you don’t have Graphus, what are you waiting for?
