A-record
Address Record. An A record maps a domain name to the IP address of the computer hosting the domain. An A record is used to find the IP address of a computer connected to the internet from a name.
A/AAAA Record
IPv4 and IPv6 addresses associated to a hostname.
Abuse Box feed
An email box where users may submit complaints against any concerned domain.
Account suspension
Suspension of fraudulent emails or social media accounts
Accredited domain registrars of a registry
Registrars that are officially recognized by a Registry to provide domain-related services
Advance Fee Fraud/419 Scam/Nigerian 419
An advance-fee scam is a form of fraud and one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears
Air Gap
Having a critical computer or machine in a physically isolated location as well as disconnecting it from the internet.
Angler Phishing
An attack in which the fraudster will masquerade as a customer support representative on social media to send phishing links to customers in order to get their information such as username and password as well as other personal information.
App permissions
An app asking the user to grant permission to be able to execute tasks on thier device without consent or without informing the user.
APT
Advanced Persistent Threats are attacks in which the attacker stays inside the system to spy and steal information rather than penetrate the network to cause damage.
Astroturfing
Astroturfing is abusing the power of customer reviews on sites like Yelp, Facebook, Amazon and others. Either a place of business will post rave reviews from fake customers about their product, or a business will post bad reviews about a competitor.
Back links
A backlink is any link received by a web node (web page, directory, website, or top level domain) from another web node.
Bastion host
A host with very few services/applications running on it, usually put between the internal network and the internet. This point acts as a proxy and is the only entry point to the internal network.
BGP
Border Gateway Protocol used to exchange information about routing between AS Numbers.
BGP peers
When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
BGP route
When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
BIN
Bank Identification Number. Which is the starting digits of a credit card, most commonly 6 or 8 digits.
Bitsquatting
Refers to the registration of a domain names one bit different than a popular domain. The name comes from typo-squatting: the act of registering domain names one key press different than a popular domain.
Black Hat SEO
In search engine optimization (SEO) terminology, Black Hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and usually does not obey search engines guidelines.
Blackbox Testing - Whitebox testing - Graybox Testing
The hacker does not know the in/outs of the IT infrastructure. Usually launches a full scale brute force attack to reveal vulnerabilities. Can be very time consuming.
Blended Attack
A cyber attack that comprises multiple attack vectors and malware is known as a blended attack. Such attacks usually cause severe damage to targeted systems.
Botnet
Botnet comprises of multiple Internet-connected devices, each of which is running one or more bots. Botnets may be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allows the attacker to access the device and its connection.
Brand Casting
Promoting a brand, product or service by streaming video of events, product demonstrations and other offline experiences through online media channels.
Brand Infringement
Brand infringement is an encroachment, violation, misappropriation, and/or disparagement of a message, identity, goodwill, talent, work, products, and intellectual property rights of a brand.
Brand jacking
Activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity.
Bullet proof hosting
Bulletproof hosting (sometimes known as bulk-friendly hosting) is a service provided by some domain hosting or web hosting firms that allows their customer considerable leniency in the kinds of material they may upload and distribute.
Business email compromise (BEC)
Business email compromise (BEC) scams that attempt to trick senior staff at medium and large corporations into transferring large sums of money typically rely on the same formats - either compromising the CEO's account, spoofing the CEO's email address, or using a form of typo-squatting where the email address uses a domain which resembles the targeted company's actual domain
C&C Command and Control
Command and control refers to the main server used by a DDoS attacker to control the botnets used in a DDoS attack.
CC-TLD
Country Code Top Level Domain. It is a top level domain that is reserved for a country/territory.
Cease & Desist
A document sent to an individual or business to halt purportedly unlawful activity ("cease") and not take it up again later ("desist")
Clear Web
The unencrypted part of the internet which is accessible by everyone using standard browsers.
CNAME Record
Canonical Name record used to specify a hostname that is an alias for another hostname.
CVE
Common Vulnerabilities and Exposures is a database that contains all known vulnerabilities. These vulnerabilities have been tagged by a specific code such as: CVE-2019-5736
Cyber espionage
The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.
Cyber War
The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization.
Cybersquatting
Cybersquatting is the practice of registering domains identical or similar to a third party company name or trade mark.
Dark Web
An encrypted network that is not indexed by normal search engines. Can only be accessed using specialized software. Dark Web is a small part of the Deep Web
Data leakage
Confidential data being published anywhere on the internet inclusive of Email addresses
DDoS
A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Distributed denial-of-service attacks are sent by two or more persons, or bots, whereas denial-of-service attacks are sent by one person or system.
De-indexing in search engines
Removing fradulent sites from search engine rankings
Deep Web
Parts of the world wide web which have not been indexed by search engines as they are encrypted.
Defacement
Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
Defang URL
The process of rewriting the URL into a form that cannot be clicked.
Defensive (Domain) Registration
Defensive Registration refers to registering domain names, often across multiple TLDs and in varied grammatical formats, for the primary purpose of protecting intellectual property or trademark from abuse, such as cybersquatting.
Delist domains from RBLs
Removing links/emails from Blackhole list
Dilution
False data is submitted to phish sites to dilute the quality of information collected by the phisher
DKIM
DomainKeys Identified Mail (DKIM) allows senders to associate a hidden signature with their emails, allowing receiving mailservers to verify their authenticity.
DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a mechanism used to aid validating emails, prevent spoofing, and provide reporting.
DMCA
The Digital Millennium Copyright Act is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization. It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works.
DNS poisoning
DNS spoofing (or DNS cache poisoning) is an attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer.
Dolphin Attack
An attack where hackers use ultrasonic frequencies to launch a voice command to phones to unlock them and steal information.
Domain suspension
Reporting a fraudulent domain to a domain authority and requesting its suspension
Domain Validation certificate
Is an X.509 digital certificate typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain
Doppelganger domain
A doppelganger domain is similar to typosquatting domain. It is a domain which is missing "." (dot) in a domain name. For example, an instance of Doppelganger domain for mail.google.com is mailgoogle.com (notice the missing dot). When the content on these domain matches branding and content of the original website, users are not able to tell the difference and are more likely to be tricked by an attacker (e.g., for credential harvesting or financial fraud).
DoS
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
Downgrade Attack
An attack in which the victim is negotiated into using older and more vulnerable security protocols, making it easier for the attacker to launch the attack.
Doxing
Doxing simply refers to the process of publishing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet for malicious purposes.
Drive by malware
Malware delivery technique that is triggered simply because the user visited a website.
Email Wire Fraud
The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.
Extended validation certificate
An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package
Fast Flux
Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Form Grabber
Malware designed to record sensitive information that the targeted user provides in forms on the Internet. These malware particularly target the victim’s financial information.
GDPR
General Data Protection Regulation is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states
Graybox testing
Attacker has partial knowledge/access, and can focus on specific weaknesses and discover more as he moves along.
Impersonation
Act of pretending to be another person for the purpose of entertainment or fraud.
Inference Attack
An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
Inframe hijacking
Hijacking nested browsing context, effectively embedding another HTML page into the current page.
Job Scam
Scammers trick victims into handing over their money by offering a 'guaranteed' way to make fast money or a high-paying job for little effort
Mail bounce back feed
Mail bounce back are system generated files when emails are not sent due to a wrong email or there is an inbox space issue.
MITB (Man in the browser)
A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
MITM (Man in the middle)
Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
MX Preference
The lower the preference, the higher the priority a mail server has to recieve mail.
MX Record
States which mail servers accept incoming mail for a domain.
Nameserver
States which nameservers handle queries about the location of a domain name.
Pagejacking
If you click on a link and find yourself at an unexpected website, you may have been ‘pagejacked’. This happens when someone steals part of a real website and uses it in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake site and people will visit it accidentally. The fake site could contain unwanted or offensive material. As an online merchant trading via a website, you need to know that your site isn’t being stolen in this way. Unfortunately you can’t prevent pagejacking; you can only deal with it after you know it’s a problem.
Passive honey pot
A method of acquiring spam for analysis, via planting of bogus email addresses which are rigged to forward emails to a specific mailbox.
Password Spraying
It is an advanced brute-force technique that attempts to attack multiple user accounts with commonly used passwords
Pay Per Click (PPC)
An internet advertising model used to direct traffic to websites, in which advertisers pay the publishers
Pharming
DNS poisoning to redirect legitimate internet traffic of your websites to a fraudulent page
Phish tagging
Phish tagging allows banks to understand how attackers use the phished data. Banks can create fake customer accounts and share the credentials with CTM360. CTM360 uses these credentials on phishing sites targeting that bank and then the bank can observe what the attacker does with the phished data.
Phishing
Webpage impersonating the client with the objective of collecting their customers' information
Phishing Kits
Phishing kits are kits provided by hackers for people with basic computer skills to launch phishing attacks. The kit includes several items which make launching a wide scale phishing attack easy such as spamming software, source code, and script to launch the attack.
Polymorphic Virus
A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.
Potentially Unwanted Program
PUP is a program that piggybacks software downloaded by the user. It is an unwanted program that downloads with the user's consent such as spyware, adware, or toolbars for browsers.
Privilege Escalation
An attack in which the user will attempt to exploit bugs in the system allowing them to reach and use resources which should not be accessed by them.
PTR Record
The pointer record status of a configured IP address to have a reverse DNS value to point to the associated host.
RBL
Real-time Blackhole List (RBL) is a service where users can check whether an IP address/domain is on a known blacklist.
Reclaim Accounts
A process to regain control over a hijacked account
Red Team - Blue Team
An exercise in which a system's security is tested by security experts. Red team is in charge of attacking and gaining access/control of an objective while the blue team is responsible for defending it. This exercise is meant to test the system and reveal vulnerabilites and measure the readiness of the security team responsible for defending it.
Reserved domains
Domain has been reserved via the dropcatcher service. Incase the user decides not to renew the domain, another person can take it.
Root Zone
Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk .ph), including the entire list of all the root servers.
Safebrowsing Warning
Providing security vendors fraudulent IP and Domains to be blocked in real-time through browsers, email firewalls, ISPs, proxies and any other relevant security products
Scareware
A form of social engineering where victims are tricked into thinking that their device is infected with a virus, encouraging them to download an anti virus software, which in fact is malicious.
Search Engine Optimization SEO
The process of affecting the visibility of a website or a web page in a search engine's unpaid results
Search Engine ranking
Refers to the position at which a particular site appears in the results of a search engine query
Shadow IT
Or Stealth IT, is a term often used to describe information-technology assets without explicit IT approval.
Shutdown
Shutting down of Content and Websites related to Phishing Activities. Asking host to takedown certain content
Skill Squatting
An attack which takes advantage of speech recognition systems' errors. Example: A person with bad intent can create a malicious mobile application called Ramazon. When a user tries to install Amazon application on their phone using voice commands, the voice recognition system might hear "Ramazon" instead of "Amazon" and end up downloading the malicious application.
Smishing
SMS as the carrier of Phish URL
SOA
Start of Authority record containing administrative information about the resided zone and zone transfers.
Social Media Fraud
Suspicious Profiles on any social media websites that have association with the client
Socialbots
Socialbots are softwares programmed to behave like humans on social media by posting pictures, retweeting, and even chatting with people. Socialbots can be used for malicious purposes such as distorting public opinion during political campaigns, marketing, and spreading scams.
Spear Phishing
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
SPF
Sender Policy Framework (SPF) helps prevent spoofing emails of the host by granting specified servers or IP addresses authorization to send emails from the host.
Steganography
It is a technique used to hide the existence of a message, files, or any other information. For example, hiding a text message inside an image file to avoid being discovered (Data hidden within data).
Suspicious Mobile App
Mobile App published on the internet claiming to be published by client's organization
Takedown
Removal of content (full website or profile) that affects a brand or individual including cybersquatting.
Text sharing sites
Websites that provide online storage of text, similar to an online Notepad. Often, a source for copywrite infringement
TLD
Top-level domain (TLD) refers to the last segment of a domain name, or the part that follows immediately after the "dot" symbol
Trademark
Any word, name, symbol, or design, or any combination thereof, used in commerce to identify and distinguish the goods of one manufacturer or seller
TRAP10
Binary Trading (commonly also known as Binary Options Trading or Binary Options) is a type of option where the trader takes a yes or no position on the price of a stock or other assets, with the resulting payoff being all or nothing. Questionable activities such as brand infringement, unregistered establishments, identity theft, misrepresentation of potential gains and back-end manipulation of software to cheat users is common in the name of BOT. As there does not appear to be an explicit legal framework to govern binary trading, online companies continue to operate and trap victims. This type of scam is known as TRAP10.
TTPs
Tactics (or Tools), Techniques, and Procedures is the behavior of attackers or adversaries in the cyber space. TTPs are usually deeply analyzed to understand how the adversary works and how to expect and prepare for future attacks.
Twishing
Twishing refers to phishing scams that are carried over Twitter. The attacker might tweet a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.
Unauthorized Association
Declaring affiliation to a company or individual without consent
Unauthorized Job posting
Posting a job declaring affiliation to a company or individual without consent
Unified Threat Management
UTM is a software or hardware that combines several network security functions such as IDS/IPS, VPN, Firewall, Gateway Anti-Virus and others under one platform, making it easier to manage and monitor through a single interface.
URL redirection attack
A URL Redirection Attack is a kind of vulnerability that redirects you to another page freely out of the original website when accessed, usually integrated with a phishing attack.
URL shortening
Is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page.
VeriSign
Service provider of domain names
Vishing
Vishing (voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone
Watering hole attack
An attack strategy targeting a large group of individuals by observing the websites most visited and infecting them with malware
Web Skimmer
Web skimming is when a malicious code is inserted into a payment page. Whenever the customer attempts to pay online, the malicious code will steal the payment information (card number, expiry date, holder namer, security code...) and send it to the attacker.
Whaling
Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.
Whitebox Testing
attacker has full knowledge and access to the source code and infrastructure. A more thorough test can be performed in this type of pen testing.
WHOIS
A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name. Typically, each Whois record will contain information such as the name and contact information of the Registrant , the name and contact information of the registrar, the registration dates, the name servers, the most recent update, and the expiration date.
WRLA
Web Referral Log Analyzer: This is a simple tool, used for the early detection of Phish attacks. This tool extracts Suspicious URLs from the web server's referral logs, compares it with white list & sends the rest of the URL' to a specified email.
Zero-Day Vulnerability
A vulnerability in the system that the developer does not know about. These vulnerabilites are difficult to detect as they do not have a signature which anti malware or intrusion prevention systems depend on to find vulnerabilities. The vulnerability is called Zero-Day because it takes zero days for the first attack to occur since the vulnerability has been made public.
Zone files
A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR)
