Cybersecurity glossary
Essential definitions to understand phishing, email security, and business cybersecurity.
A
ARC (Authenticated Received Chain)
A protocol that preserves email authentication results (SPF, DKIM, DMARC) when a message is forwarded or passes through a mailing list. Without ARC, forwarding often breaks the DKIM signature and invalidates SPF, causing an unjustified DMARC failure.
AiTM phishing kits (EvilProxy)
Advanced phishing kits that create a real-time proxy between the victim and the legitimate login page. They capture session tokens after MFA validation, bypassing multi-factor authentication entirely. The victim sees the real login page but the attacker intercepts the session cookie.
B
BEC (Business Email Compromise)
Fraud through professional email compromise. The attacker gains access to a legitimate email account or impersonates an executive to request wire transfers, change vendor banking details, or exfiltrate data. BEC accounts for the highest financial losses of all forms of cybercrime according to the FBI.
BIMI (Brand Indicators for Message Identification)
An email standard that displays the sender's verified logo in the recipient's inbox. BIMI requires a strict DMARC policy and a VMC (Verified Mark Certificate). It builds recipient trust and reduces the risk of them falling for phishing that spoofs your brand.
C
Credential stuffing
An automated attack that mass-tests stolen username/password pairs from data breaches against other online services. The attack exploits the fact that many users reuse the same passwords across multiple sites.
Cyber Kill Chain
A 7-stage model developed by Lockheed Martin describing the phases of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Understanding each stage helps organizations implement targeted defenses.
CISO (Chief Information Security Officer)
The executive responsible for defining and implementing the organization's cybersecurity strategy. The CISO manages risks, defines security policies, oversees incident response, and ensures compliance. In SMBs, this role is often outsourced (vCISO).
D
Deepfake
Audio or video content synthesized by AI to imitate a real person's appearance or voice. In cybersecurity, deepfakes are used for vishing attacks (voice impersonation of an executive) or CEO fraud via manipulated video calls. The Arup case ($25 million) illustrates the danger for businesses.
DKIM (DomainKeys Identified Mail)
A protocol that adds a cryptographic signature to outgoing emails, allowing the receiving server to verify that the message has not been altered in transit and actually originates from the claimed domain. DKIM works alongside SPF.
DMARC (Domain-based Message Authentication)
A protocol built on SPF and DKIM that tells receiving servers how to handle emails that fail authentication: accept, quarantine, or reject them. A strict DMARC policy (p=reject) is the best protection against domain spoofing.
DLP (Data Loss Prevention)
A set of tools and policies that detect and prevent unauthorized transmission of sensitive data outside the organization. DLP monitors data in use, in motion, and at rest to enforce data protection policies in compliance with GDPR.
DPO (Data Protection Officer)
The person responsible for ensuring GDPR compliance within an organization. The DPO advises on data processing, conducts impact assessments, and serves as the contact point with supervisory authorities. Required for public bodies and organizations processing sensitive data at scale.
E
Email spoofing
An identity fraud technique that falsifies an email's sender address to impersonate someone else. The SMTP protocol doesn't verify sender identity, making spoofing possible without advanced technical skills. SPF, DKIM, and DMARC protocols provide protection against it.
EDR (Endpoint Detection and Response)
A security solution installed on workstations and servers that continuously monitors for suspicious behavior, detects advanced threats, and enables rapid incident response. Unlike traditional antivirus, EDR analyzes behavior patterns rather than relying solely on known signatures.
G
GDPR (General Data Protection Regulation)
The European regulation governing the processing of personal data. In the event of a data breach following a phishing attack, GDPR requires notifying the supervisory authority within 72 hours and affected individuals. Penalties can reach €20 million or 4% of global annual revenue.
H
Human risk in cybersecurity
The probability that an employee's action (clicking a phishing link, sharing credentials, misconfiguring a system) leads to a security incident. The human element is involved in 68% of data breaches according to the Verizon DBIR 2024.
I
IAM (Identity and Access Management)
The set of policies, processes, and technologies that manage digital identities and control access to organizational resources. IAM enforces the principle of least privilege and enables centralized access governance, limiting the impact of accounts compromised through phishing.
L
Lateral phishing
An attack where a compromised internal email account is used to send phishing emails to other employees within the organization. Emails from a real internal address bypass external security filters and are much more convincing.
M
Malware
An umbrella term for all malicious software: viruses, worms, trojans, ransomware, spyware, keyloggers. Malware can be distributed through email (booby-trapped attachments), drive-by downloads, or infected USB drives.
MFA (Multi-Factor Authentication)
A security method requiring two or more forms of identity verification to access an account: something the user knows (password), has (phone, physical key), or is (biometrics). MFA blocks the majority of phishing attempts even if the password is compromised.
MTA-STS (SMTP MTA Strict Transport Security)
A protocol that enforces TLS encryption for emails in transit between servers. Without MTA-STS, an attacker can intercept emails by forcing a fallback to an unencrypted connection (downgrade attack). MTA-STS complements SPF, DKIM, and DMARC by protecting transport, not just sender authentication.
MDR (Managed Detection and Response)
A managed threat detection and response service combining technology (EDR/XDR) with human analysts operating 24/7. MDR gives SMBs outsourced SOC capabilities without having to build an internal security team.
MFA fatigue attack
An attack where the attacker, having obtained valid credentials, repeatedly triggers MFA push notifications until the target approves one out of frustration. Also known as MFA bombing or push notification spam.
N
NIS2 (Network and Information Security Directive)
A European cybersecurity directive that took effect in October 2024, extending security obligations to more organizations and sectors. NIS2 mandates risk management measures, incident reporting, and staff training, with penalties of up to €10 million or 2% of annual revenue.
P
Phishing
An online fraud technique involving deceptive emails, SMS, or messages that impersonate a trusted source (bank, vendor, colleague) to trick the victim into revealing sensitive information, clicking a malicious link, or making a wire transfer. Phishing is the leading cause of cyberattacks: 91% of security incidents begin with a fraudulent email.
Pretexting
A social engineering technique where the attacker creates a fabricated scenario (pretext) to gain the victim's trust and extract information or trigger an action. Unlike mass phishing, pretexting involves building a credible identity and backstory.
Penetration test (Pentest)
A controlled, authorized simulation of a cyberattack against an organization's systems to identify vulnerabilities before real attackers do. Pentests can target infrastructure, applications, or humans (social engineering pentest).
Q
Quishing
QR code phishing (QR + phishing). The attacker replaces a legitimate QR code with a malicious one that redirects to a credential-stealing site. Rising sharply since 2024, quishing bypasses traditional email filters because the malicious link is encoded within the QR code image.
R
Ransomware
Malicious software that encrypts a system's files and demands a ransom to decrypt them. Ransomware often spreads through phishing emails containing a booby-trapped attachment. The average cost of a ransomware attack for a French SMB exceeds €150,000, including the ransom, business disruption, and recovery.
Red Team
A realistic, multi-vector attack simulation exercise where a team of ethical hackers attempts to achieve specific objectives using any combination of technical, physical, and social engineering techniques. Unlike a pentest, which tests specific systems, a Red Team exercise tests the organization's overall detection and response capability.
S
Spear phishing
A targeted variant of phishing where the attacker personalizes the message using specific information about the victim (name, job title, current projects) to make the attack more convincing. Unlike mass phishing, spear phishing targets a specific person or small group, with a significantly higher success rate.
Smishing
SMS-based phishing (SMS + phishing). The attacker sends a text message containing a malicious link, often impersonating a postal service, health insurance, or delivery company. SMS messages have a 98% open rate, making this an extremely effective attack vector.
SPF (Sender Policy Framework)
An email authentication protocol that allows a domain owner to specify which mail servers are authorized to send emails on its behalf. A properly configured SPF record prevents your domain from being spoofed in fraudulent emails.
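A worked illustration of how the SPF, DKIM, DMARC and ARC entries above fit together, added here as an example and not code from this glossary's authors: it parses a DMARC record, checks whether the SPF or DKIM domain aligns with the visible From: domain, and applies the p= policy; the forwarded-message case shows the failure that ARC exists to prevent. The organizational-domain rule is simplified to the last two labels (an assumption; real receivers use the Public Suffix List), and all records and results are constructed sample values.

```python
"""Toy DMARC evaluation: SPF/DKIM alignment against the From: domain.

Constructed example, not from any real mail library. Organizational-domain
derivation is simplified to the last two DNS labels (assumption; real
implementations consult the Public Suffix List).
"""
from dataclasses import dataclass


@dataclass
class AuthResults:
    from_domain: str   # RFC5322.From domain, the one the recipient sees
    spf_result: str    # "pass" / "fail" / "none"
    spf_domain: str    # MAIL FROM domain that SPF was evaluated against
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= tag of the DKIM signature


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only the org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(r: AuthResults, record: str) -> str:
    """Return 'pass', or the p= action ('none'/'quarantine'/'reject') when nothing aligns."""
    tags = parse_dmarc(record)
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags.get("adkim", "r"))
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags.get("aspf", "r"))
    if dkim_ok or spf_ok:          # one aligned pass is enough for DMARC
        return "pass"
    policy = tags["p"]
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy {policy!r}")
    return policy
```

With p=reject, a forwarded message whose DKIM signature was broken in transit and whose SPF now passes only for the forwarder's domain is rejected exactly like a spoof, which is the gap ARC closes by carrying the original authentication results along.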
SOC (Security Operations Center)
A dedicated team and facility that monitors, detects, and responds to cybersecurity incidents around the clock. A SOC combines specialized analysts, response processes, and tools (SIEM, EDR) to protect the organization's information systems.
SIEM (Security Information and Event Management)
A system that centralizes the collection, analysis, and correlation of security logs from all devices and applications in an organization. A SIEM enables rapid detection of abnormal behavior, such as a compromised account from a phishing attack attempting to access unusual resources.
Security culture
The shared beliefs, attitudes, and behaviors within an organization that determine how employees think about and act on security matters. A strong security culture means employees proactively protect information out of understanding, not obligation.
Supply chain attack
A cyberattack that targets an organization through its suppliers, partners, or service providers. The attacker compromises a trusted third party to gain access to the ultimate target, exploiting the trust placed in partner emails and software.
SIM swapping
An attack where the attacker convinces a mobile carrier to transfer the victim's phone number to a new SIM card. This allows interception of SMS-based MFA codes, password reset messages, and phone calls.
T
Typosquatting
The practice of registering domain names that closely resemble legitimate domains (typos, similar characters) to trick users. Typosquatted domains are used for phishing, credential theft, or malware distribution.
V
Vishing
Phone-based phishing (voice + phishing). The attacker calls the victim while impersonating a bank, IT support, or vendor. In 2026, voice deepfakes make vishing particularly dangerous: AI can replicate an executive's voice from just a few seconds of audio.
W
Whaling
A form of spear phishing specifically targeting executives and senior management. The attacker impersonates a business partner, lawyer, or another executive to obtain large wire transfers or strategic information. The amounts at stake can reach hundreds of thousands of euros.
X
XDR (Extended Detection and Response)
An extension of EDR that correlates security data from endpoints, email, cloud, network, and identity into a unified platform. XDR eliminates security silos to detect complex attacks such as phishing followed by lateral movement.
Z
Zero Trust
A security model that trusts no user or device by default, even inside the corporate network. Every access is continuously verified, authenticated, and authorized. Zero Trust reduces the impact of a successful phishing attack by limiting lateral movement within the information system.
Social engineering
A set of psychological manipulation techniques that exploit human cognitive biases (urgency, authority, reciprocity, scarcity) to push someone into acting against their interest: clicking a link, sharing a password, or making a wire transfer. Phishing is the most common form of social engineering.