Cybersecurity glossary
Essential definitions to understand phishing, email security, and business cybersecurity.
B
BEC (Business Email Compromise)
Fraud through professional email compromise. The attacker gains access to a legitimate email account or impersonates an executive to request wire transfers, change vendor banking details, or exfiltrate data. BEC accounts for the highest financial losses of all forms of cybercrime according to the FBI.
BIMI (Brand Indicators for Message Identification)
An email standard that displays the sender's verified logo in the recipient's inbox. BIMI requires a strict DMARC policy and a VMC (Verified Mark Certificate). It builds recipient trust and reduces the risk of them falling for phishing that spoofs your brand.
C
Credential stuffing
An automated attack that mass-tests stolen username/password pairs from data breaches against other online services. The attack exploits the fact that many users reuse the same passwords across multiple sites.
D
DKIM (DomainKeys Identified Mail)
A protocol that adds a cryptographic signature to outgoing emails, allowing the receiving server to verify that the message has not been altered in transit and actually originates from the claimed domain. DKIM works alongside SPF.
DMARC (Domain-based Message Authentication)
A protocol built on SPF and DKIM that tells receiving servers how to handle emails that fail authentication: accept, quarantine, or reject them. A strict DMARC policy (p=reject) is the best protection against domain spoofing.
G
GDPR (General Data Protection Regulation)
The European regulation governing the processing of personal data. In the event of a data breach following a phishing attack, GDPR requires notifying the supervisory authority within 72 hours and informing the affected individuals. Penalties can reach €20 million or 4% of global annual revenue.
M
Malware
An umbrella term for all malicious software: viruses, worms, trojans, ransomware, spyware, keyloggers. Malware can be distributed through email (booby-trapped attachments), drive-by downloads, or infected USB drives.
MFA (Multi-Factor Authentication)
A security method requiring two or more forms of identity verification to access an account: something the user knows (password), has (phone, physical key), or is (biometrics). MFA blocks the majority of phishing attempts even if the password is compromised.
N
NIS2 (Network and Information Security Directive)
A European cybersecurity directive that took effect in October 2024, extending security obligations to more organizations and sectors. NIS2 mandates risk management measures, incident reporting, and staff training, with penalties of up to €10 million or 2% of annual revenue.
P
Phishing
An online fraud technique involving deceptive emails, SMS, or messages that impersonate a trusted source (bank, vendor, colleague) to trick the victim into revealing sensitive information, clicking a malicious link, or making a wire transfer. Phishing is the leading cause of cyberattacks: 91% of security incidents begin with a fraudulent email.
Q
Quishing
QR code phishing (QR + phishing). The attacker replaces a legitimate QR code with a malicious one that redirects to a credential-stealing site. Rising sharply since 2024, quishing bypasses traditional email filters because the malicious link is encoded within the QR code image.
R
Ransomware
Malicious software that encrypts a system's files and demands a ransom to decrypt them. Ransomware often spreads through phishing emails containing a booby-trapped attachment. The average cost of a ransomware attack for a French SMB exceeds €150,000, including the ransom, business disruption, and recovery.
S
Spear phishing
A targeted variant of phishing where the attacker personalizes the message using specific information about the victim (name, job title, current projects) to make the attack more convincing. Unlike mass phishing, spear phishing targets a specific person or small group, with a significantly higher success rate.
Smishing
SMS-based phishing (SMS + phishing). The attacker sends a text message containing a malicious link, often impersonating a postal service, health insurance, or delivery company. SMS messages have a 98% open rate, making this an extremely effective attack vector.
SPF (Sender Policy Framework)
An email authentication protocol that allows a domain owner to specify which mail servers are authorized to send emails on its behalf. A properly configured SPF record prevents your domain from being spoofed in fraudulent emails.
SIEM (Security Information and Event Management)
A system that centralizes the collection, analysis, and correlation of security logs from all devices and applications in an organization. A SIEM enables rapid detection of abnormal behavior, such as a compromised account from a phishing attack attempting to access unusual resources.
V
Vishing
Phone-based phishing (voice + phishing). The attacker calls the victim while impersonating a bank, IT support, or vendor. In 2026, voice deepfakes make vishing particularly dangerous: AI can replicate an executive's voice from just a few seconds of audio.
W
Whaling
A form of spear phishing specifically targeting executives and senior management. The attacker impersonates a business partner, lawyer, or another executive to obtain large wire transfers or strategic information. The amounts at stake can reach hundreds of thousands of euros.
Z
Zero Trust
A security model that trusts no user or device by default, even inside the corporate network. Every access is continuously verified, authenticated, and authorized. Zero Trust reduces the impact of a successful phishing attack by limiting lateral movement within the information system.
Social engineering
A set of psychological manipulation techniques that exploit human cognitive biases (urgency, authority, reciprocity, scarcity) to push someone into acting against their interest: clicking a link, sharing a password, or making a wire transfer. Phishing is the most common form of social engineering.