Cybersecurity Glossary
Plain-language explanations of phishing, social engineering, and cyber threats. Learn what these attacks look like and how to protect your business.
Phishing Types
Spear Phishing
Spear phishing is a targeted phishing attack that uses personal information about the victim to appear more convincing. Unlike in mass phishing, the attackers research their targets to craft believable messages.
Whaling
Whaling is a type of phishing attack specifically targeting high-level executives like CEOs, CFOs, and other senior leaders. These attacks are highly personalized and designed to exploit the authority and access these individuals have.
Vishing
Vishing (voice phishing) uses phone calls or voice messages to trick people into revealing sensitive information. Attackers impersonate banks, tech support, government agencies, or company executives to steal credentials or financial information, or to get victims to authorize fraudulent transactions.
Smishing
Smishing (SMS phishing) uses text messages to trick recipients into clicking malicious links, revealing sensitive information, or downloading malware. These attacks exploit the trust people place in text messages and the urgency of mobile notifications.
Credential Phishing
Credential phishing tricks users into entering their login credentials on fake websites that look identical to legitimate services. Once captured, these credentials give attackers access to email, financial systems, and other sensitive accounts.
Business Fraud
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a type of scam where attackers impersonate executives or trusted partners to trick employees into transferring money or revealing sensitive information. It's one of the most financially damaging cybercrimes.
Invoice Fraud
Invoice fraud involves sending fake or altered invoices to trick businesses into paying money to attackers. Scammers either impersonate legitimate vendors or intercept real invoices and change the payment details.
CEO Fraud
CEO fraud is a type of business email compromise where attackers impersonate a CEO or other executive to trick employees into making wire transfers, sending sensitive data, or taking other actions that benefit the attacker.
Attack Techniques
Pretexting
Pretexting is a social engineering technique where attackers create a fabricated scenario (the 'pretext') to trick victims into providing information or taking actions they normally wouldn't. It's the foundation for many phishing and fraud attacks.
Social Engineering
Social engineering is the use of psychological manipulation to trick people into making security mistakes or giving away sensitive information. It exploits human nature rather than technical vulnerabilities.
Account Takeover
Account takeover (ATO) is when an attacker gains unauthorized access to a user's account, typically through stolen credentials. Once inside, they can steal data, send phishing emails, commit fraud, or move deeper into organizational systems.
Knowledge is Your First Defense
Understanding how attacks work makes them easier to spot. But knowledge alone isn't enough—your team needs practice.
Put Knowledge Into Practice
Reading about phishing helps, but hands-on experience is what builds real protection. Marulk's simulations let your team practice recognizing threats in a safe environment.