Glossary

  • A-record

    Address Record. An A record maps a domain name to the IP address of the computer hosting the domain. An A record is used to find the IP address of a computer connected to the internet from a name.

  • A/AAAA Record

    IPv4 and IPv6 addresses associated with a hostname.

  • Abuse Box feed

    An email box where users may submit complaints against any concerned domain.

  • Account suspension

    Suspension of fraudulent emails or social media accounts

  • Accredited domain registrars of a registry

    Registrars that are officially recognized by a Registry to provide domain-related services

  • Advance Fee Fraud/419 Scam/Nigerian 419

    An advance-fee scam is a form of fraud and one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears.

  • Air Gap

    Having a critical computer or machine in a physically isolated location as well as disconnecting it from the internet.

  • Angler Phishing

    An attack in which the fraudster will masquerade as a customer support representative on social media to send phishing links to customers in order to get their information such as username and password as well as other personal information.

  • App permissions

    An app asking the user to grant permission to be able to execute tasks on their device without consent or without informing the user.

  • APT

    Advanced Persistent Threats are attacks in which the attacker stays inside the system to spy and steal information rather than penetrate the network to cause damage.

  • Astroturfing

    Astroturfing is abusing the power of customer reviews on sites like Yelp, Facebook, Amazon and others. Either a place of business will post rave reviews from fake customers about their product, or a business will post bad reviews about a competitor.

  • Back links

    A backlink is any link received by a web node (web page, directory, website, or top level domain) from another web node.

  • Bastion host

    A host with very few services/applications running on it, usually put between the internal network and the internet. This point acts as a proxy and is the only entry point to the internal network.

  • BGP

    Border Gateway Protocol used to exchange information about routing between AS Numbers.

  • BGP peers

    When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).

  • BGP route

    When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).

  • BIN

    Bank Identification Number: the starting digits of a credit card, most commonly 6 or 8 digits.

  • Bitsquatting

    Refers to the registration of a domain name one bit different from a popular domain. The name comes from typo-squatting: the act of registering domain names one key press different from a popular domain.

  • Black Hat SEO

    In search engine optimization (SEO) terminology, Black Hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and that usually do not obey search engines' guidelines.

  • Blackbox Testing - Whitebox testing - Graybox Testing

    The hacker does not know the ins and outs of the IT infrastructure. Usually launches a full-scale brute-force attack to reveal vulnerabilities. Can be very time-consuming.

  • Blended Attack

    A cyber attack that comprises multiple attack vectors and malware is known as a blended attack. Such attacks usually cause severe damage to targeted systems.

  • Botnet

    A botnet comprises multiple Internet-connected devices, each of which is running one or more bots. Botnets may be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, and send spam, and they allow the attacker to access the device and its connection.

  • Brand Casting

    Promoting a brand, product or service by streaming video of events, product demonstrations and other offline experiences through online media channels.

  • Brand Infringement

    Brand infringement is an encroachment, violation, misappropriation, and/or disparagement of a message, identity, goodwill, talent, work, products, and intellectual property rights of a brand.

  • Brand jacking

    Activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity.

  • Bullet proof hosting

    Bulletproof hosting (sometimes known as bulk-friendly hosting) is a service provided by some domain hosting or web hosting firms that allows their customers considerable leniency in the kinds of material they may upload and distribute.

  • Business email compromise (BEC)

    Business email compromise (BEC) scams, which attempt to trick senior staff at medium and large corporations into transferring large sums of money, typically rely on the same formats: compromising the CEO's account, spoofing the CEO's email address, or using a form of typo-squatting where the email address uses a domain which resembles the targeted company's actual domain.

  • C&C Command and Control

    Command and control refers to the main server used by a DDoS attacker to control the botnets used in a DDoS attack.

  • CC-TLD

    Country Code Top Level Domain. It is a top level domain that is reserved for a country/territory.

  • Cease & Desist

    A document sent to an individual or business to halt purportedly unlawful activity ("cease") and not take it up again later ("desist")

  • Clear Web

    The unencrypted part of the internet which is accessible by everyone using standard browsers.

  • CNAME Record

    Canonical Name record used to specify a hostname that is an alias for another hostname.

  • CVE

    Common Vulnerabilities and Exposures is a database that contains all known vulnerabilities. These vulnerabilities have been tagged by a specific code such as: CVE-2019-5736

  • Cyber espionage

    The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

  • Cyber War

    The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization.

  • Cybersquatting

    Cybersquatting is the practice of registering domains identical or similar to a third party company name or trade mark.

  • Dark Web

    An encrypted network that is not indexed by normal search engines. Can only be accessed using specialized software. Dark Web is a small part of the Deep Web

  • Data leakage

    Confidential data being published anywhere on the internet inclusive of Email addresses

  • DDoS

    A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Distributed denial-of-service attacks are sent by two or more persons, or bots, whereas denial-of-service attacks are sent by one person or system.

  • De-indexing in search engines

    Removing fraudulent sites from search engine rankings

  • Deep Web

    Parts of the world wide web which have not been indexed by search engines as they are encrypted.

  • Defacement

    Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

  • Defang URL

    The process of rewriting the URL into a form that cannot be clicked.

  • Defensive (Domain) Registration

    Defensive Registration refers to registering domain names, often across multiple TLDs and in varied grammatical formats, for the primary purpose of protecting intellectual property or trademark from abuse, such as cybersquatting.

  • Delist domains from RBLs

    Removing links/emails from Blackhole list

  • Dilution

    False data is submitted to phish sites to dilute the quality of information collected by the phisher

  • DKIM

    DomainKeys Identified Mail (DKIM) allows senders to associate a hidden signature with their emails, allowing receiving mailservers to verify their authenticity.

  • DMARC

    Domain-based Message Authentication, Reporting and Conformance (DMARC) is a mechanism used to aid validating emails, prevent spoofing, and provide reporting.

  • DMCA

    The Digital Millennium Copyright Act is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization. It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works.

  • DNS poisoning

    DNS spoofing (or DNS cache poisoning) is an attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer.

  • Dolphin Attack

    An attack where hackers use ultrasonic frequencies to launch a voice command to phones to unlock them and steal information.

  • Domain suspension

    Reporting a fraudulent domain to a domain authority and requesting its suspension

  • Domain Validation certificate

    An X.509 digital certificate, typically used for Transport Layer Security (TLS), where the identity of the applicant has been validated by proving some control over a DNS domain.

  • Doppelganger domain

    A doppelganger domain is similar to a typosquatting domain. It is a domain which is missing the "." (dot) in a domain name. For example, an instance of a doppelganger domain for mail.google.com is mailgoogle.com (notice the missing dot). When the content on these domains matches the branding and content of the original website, users are not able to tell the difference and are more likely to be tricked by an attacker (e.g., for credential harvesting or financial fraud).

  • DoS

    In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

  • Downgrade Attack

    An attack in which the victim is negotiated into using older and more vulnerable security protocols, making it easier for the attacker to launch the attack.

  • Doxing

    Doxing simply refers to the process of publishing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet for malicious purposes.

  • Drive by malware

    Malware delivery technique that is triggered simply because the user visited a website.

  • Email Wire Fraud

    The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.

  • Extended validation certificate

    An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package

  • Fast Flux

    Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

  • Form Grabber

    Malware designed to record sensitive information that the targeted user provides in forms on the Internet. These malware particularly target the victim’s financial information.

  • GDPR

    General Data Protection Regulation is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states

  • Graybox testing

    Attacker has partial knowledge/access, and can focus on specific weaknesses and discover more as he moves along.

  • Impersonation

    Act of pretending to be another person for the purpose of entertainment or fraud.

  • Inference Attack

    An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.

  • Inframe hijacking

    Hijacking nested browsing context, effectively embedding another HTML page into the current page.

  • Job Scam

    Scammers trick victims into handing over their money by offering a 'guaranteed' way to make fast money or a high-paying job for little effort

  • Mail bounce back feed

    Mail bounce backs are system-generated files produced when emails are not sent due to a wrong email or an inbox space issue.

  • MITB (Man in the browser)

    A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

  • MITM (Man in the middle)

    Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

  • MX Preference

    The lower the preference, the higher the priority a mail server has to receive mail.

  • MX Record

    States which mail servers accept incoming mail for a domain.

  • Nameserver

    States which nameservers handle queries about the location of a domain name.

  • Pagejacking

    If you click on a link and find yourself at an unexpected website, you may have been ‘pagejacked’. This happens when someone steals part of a real website and uses it in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake site and people will visit it accidentally. The fake site could contain unwanted or offensive material. As an online merchant trading via a website, you need to know that your site isn’t being stolen in this way. Unfortunately you can’t prevent pagejacking; you can only deal with it after you know it’s a problem.

  • Passive honey pot

    A method of acquiring spam for analysis, via planting of bogus email addresses which are rigged to forward emails to a specific mailbox.

  • Password Spraying

    It is an advanced brute-force technique that attempts to attack multiple user accounts with commonly used passwords

  • Pay Per Click (PPC)

    An internet advertising model used to direct traffic to websites, in which advertisers pay the publishers

  • Pharming

    DNS poisoning to redirect legitimate internet traffic of your websites to a fraudulent page

  • Phish tagging

    Phish tagging allows banks to understand how attackers use the phished data. Banks can create fake customer accounts and share the credentials with CTM360. CTM360 uses these credentials on phishing sites targeting that bank and then the bank can observe what the attacker does with the phished data.

  • Phishing

    Webpage impersonating the client with the objective of collecting their customers' information

  • Phishing Kits

    Phishing kits are kits provided by hackers for people with basic computer skills to launch phishing attacks. The kit includes several items which make launching a wide scale phishing attack easy such as spamming software, source code, and script to launch the attack.

  • Polymorphic Virus

    A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.

  • Potentially Unwanted Program

    PUP is a program that piggybacks software downloaded by the user. It is an unwanted program that downloads with the user's consent such as spyware, adware, or toolbars for browsers.

  • Privilege Escalation

    An attack in which the user will attempt to exploit bugs in the system allowing them to reach and use resources which should not be accessed by them.

  • PTR Record

    The pointer record status of a configured IP address to have a reverse DNS value to point to the associated host.

  • RBL

    Real-time Blackhole List (RBL) is a service where users can check whether an IP address/domain is on a known blacklist.

  • Reclaim Accounts

    A process to regain control over a hijacked account

  • Red Team - Blue Team

    An exercise in which a system's security is tested by security experts. The red team is in charge of attacking and gaining access/control of an objective while the blue team is responsible for defending it. This exercise is meant to test the system, reveal vulnerabilities, and measure the readiness of the security team responsible for defending it.

  • Reserved domains

    Domain has been reserved via the dropcatcher service. In case the user decides not to renew the domain, another person can take it.

  • Root Zone

    Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk, .ph), including the entire list of all the root servers.

  • Safebrowsing Warning

    Providing security vendors fraudulent IP and Domains to be blocked in real-time through browsers, email firewalls, ISPs, proxies and any other relevant security products

  • Scareware

    A form of social engineering where victims are tricked into thinking that their device is infected with a virus, encouraging them to download antivirus software which is in fact malicious.

  • Search Engine Optimization SEO

    The process of affecting the visibility of a website or a web page in a search engine's unpaid results

  • Search Engine ranking

    Refers to the position at which a particular site appears in the results of a search engine query

  • Shadow IT

    Or Stealth IT, is a term often used to describe information-technology assets without explicit IT approval.

  • Shutdown

    Shutting down of Content and Websites related to Phishing Activities. Asking host to takedown certain content

  • Skill Squatting

    An attack which takes advantage of speech recognition systems' errors. Example: A person with bad intent can create a malicious mobile application called Ramazon. When a user tries to install the Amazon application on their phone using voice commands, the voice recognition system might hear "Ramazon" instead of "Amazon" and end up downloading the malicious application.

  • Smishing

    SMS as the carrier of Phish URL

  • SOA

    Start of Authority record, containing administrative information about the zone it resides in and zone transfers.

  • Social Media Fraud

    Suspicious Profiles on any social media websites that have association with the client

  • Socialbots

    Socialbots are software programmed to behave like humans on social media by posting pictures, retweeting, and even chatting with people. Socialbots can be used for malicious purposes such as distorting public opinion during political campaigns, marketing, and spreading scams.

  • Spear Phishing

    Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

  • SPF

    Sender Policy Framework (SPF) helps prevent spoofing emails of the host by granting specified servers or IP addresses authorization to send emails from the host.

  • Steganography

    It is a technique used to hide the existence of a message, files, or any other information. For example, hiding a text message inside an image file to avoid being discovered (Data hidden within data).

  • Suspicious Mobile App

    Mobile App published on the internet claiming to be published by client's organization

  • Takedown

    Removal of content (full website or profile) that affects a brand or individual including cybersquatting.

  • Text sharing sites

    Websites that provide online storage of text, similar to an online Notepad. Often a source of copyright infringement.

  • TLD

    Top-level domain (TLD) refers to the last segment of a domain name, or the part that follows immediately after the "dot" symbol

  • Trademark

    Any word, name, symbol, or design, or any combination thereof, used in commerce to identify and distinguish the goods of one manufacturer or seller

  • TRAP10

    Binary Trading (commonly also known as Binary Options Trading or Binary Options) is a type of option where the trader takes a yes or no position on the price of a stock or other assets, with the resulting payoff being all or nothing. Questionable activities such as brand infringement, unregistered establishments, identity theft, misrepresentation of potential gains and back-end manipulation of software to cheat users are common in the name of BOT. As there does not appear to be an explicit legal framework to govern binary trading, online companies continue to operate and trap victims. This type of scam is known as TRAP10.

  • TTPs

    Tactics (or Tools), Techniques, and Procedures are the behavior of attackers or adversaries in cyberspace. TTPs are usually deeply analyzed to understand how the adversary works and how to expect and prepare for future attacks.

  • Twishing

    Twishing refers to phishing scams that are carried out over Twitter. The attacker might tweet a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.

  • Unauthorized Association

    Declaring affiliation to a company or individual without consent

  • Unauthorized Job posting

    Posting a job declaring affiliation to a company or individual without consent

  • Unified Threat Management

    UTM is software or hardware that combines several network security functions such as IDS/IPS, VPN, Firewall, Gateway Anti-Virus and others under one platform, making it easier to manage and monitor through a single interface.

  • URL redirection attack

    A URL Redirection Attack is a kind of vulnerability that, when accessed, freely redirects you from the original website to another page, usually integrated with a phishing attack.

  • URL shortening

    A technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page.

  • VeriSign

    Service provider of domain names

  • Vishing

    Vishing (voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone

  • Watering hole attack

    An attack strategy targeting a large group of individuals by observing the websites most visited and infecting them with malware

  • Web Skimmer

    Web skimming is when malicious code is inserted into a payment page. Whenever the customer attempts to pay online, the malicious code will steal the payment information (card number, expiry date, holder name, security code...) and send it to the attacker.

  • Whaling

    Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.

  • Whitebox Testing

    Attacker has full knowledge and access to the source code and infrastructure. A more thorough test can be performed in this type of pen testing.

  • WHOIS

    A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name. Typically, each Whois record will contain information such as the name and contact information of the registrant, the name and contact information of the registrar, the registration dates, the name servers, the most recent update, and the expiration date.

  • WRLA

    Web Referral Log Analyzer: This is a simple tool, used for the early detection of phish attacks. This tool extracts suspicious URLs from the web server's referral logs, compares them with a white list, and sends the rest of the URLs to a specified email.

  • Zero-Day Vulnerability

    A vulnerability in the system that the developer does not know about. These vulnerabilities are difficult to detect as they do not have a signature which anti-malware or intrusion prevention systems depend on to find vulnerabilities. The vulnerability is called Zero-Day because it takes zero days for the first attack to occur since the vulnerability has been made public.

  • Zone files

    A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR)