Cybersecurity Glossary

20 essential cybersecurity terms explained in plain language. Learn about phishing, smishing, social engineering and more.


B

BEC (Business Email Compromise)

A scam targeting organizations that pay invoices or make wire transfers. Criminals compromise a real business mailbox or impersonate one (often from a lookalike domain) to request fraudulent payments or a change of bank details. The FBI's Internet Crime Complaint Center (IC3) has recorded more than $50 billion in reported exposed losses from BEC worldwide between 2013 and 2022.

Example

An attacker gains access to a supplier's email account and sends the victim company an invoice with updated bank details. The control that defeats this is out-of-band verification: confirm any change of payment details by phone, using a number already on file rather than one given in the email.

C

CEO Fraud

A type of BEC where attackers impersonate a company's CEO or other high-ranking executive to trick employees into transferring money or sharing sensitive data.

Example

An email from "the CEO" to an accountant: "I need you to process this payment immediately. Keep it confidential."

Related: BEC, Whaling, Social Engineering

D

DMARC

Domain-based Message Authentication, Reporting, and Conformance. An email authentication protocol that builds on SPF and DKIM to protect against email spoofing. A message passes DMARC when SPF or DKIM passes and the domain that passed aligns with the domain in the visible From: header, the one the recipient actually sees. The domain owner publishes a policy in DNS (p=none, quarantine or reject) telling receivers how to handle mail that fails, and can receive aggregate reports (rua) showing who is sending mail in the domain's name. Only p=quarantine or p=reject blocks anything; p=none is monitoring mode.

Related: SPF, DKIM, Email Spoofing

DKIM

DomainKeys Identified Mail. An email authentication method in which the sending mail server signs selected headers and the body with a private key. The DKIM-Signature header names the signing domain (d=) and a selector (s=); the receiving server fetches the matching public key from DNS and verifies the signature to confirm that the message was not altered in transit and that the d= domain took responsibility for it. DKIM alone does not check that d= matches the From: address; DMARC adds that alignment check.

Related: DMARC, SPF, Email Spoofing

E

Email Spoofing

The creation of email messages with a forged sender address. SMTP itself does not verify the From: header, so without SPF, DKIM and DMARC any server can claim to be any domain. Spoofing is commonly used in phishing to make mail appear to come from trusted sources such as banks, employers, or government agencies. Where the target domain enforces DMARC, attackers fall back on lookalike domains (one letter changed) or on a trusted display name placed in front of an unrelated address, which authentication does not catch.

Related: Phishing, DMARC, SPF, DKIM

I

IOC (Indicator of Compromise)

Forensic evidence that a system or account has been, or is being, compromised. IOCs include malicious IP addresses, domain names, URLs, file hashes, and email addresses used in attacks. Security tools like Luminir match incoming mail against IOC databases to detect known threats. Because IOCs are cheap for an attacker to change (a new domain, a recompiled file with a new hash), they catch known campaigns rather than novel ones and must be refreshed continuously.

Related: Threat Intelligence, Malware
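
The Email Spoofing and IOC entries above describe the two kinds of check an email-screening tool performs. The following is an added example written for this page, not Luminir's code: it parses a constructed message, flags a brand name in the display name that does not match the sender domain and a Reply-To pointing elsewhere, and matches URL domains and attachment hashes against a constructed IOC list. All domains, the brand-to-domain mapping and the sample hash are assumptions for illustration, not real threat data.

```python
"""Triage a suspicious email: display-name spoofing, Reply-To redirection, IOC matches.

Added example; not Luminir's code. The IOC lists, the brand-to-domain mapping and
the sample message are constructed for illustration and contain no real threat data.
"""
import hashlib
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed IOC feed (what a threat-intelligence source would supply).
IOC_DOMAINS = {"secure-login-update.example", "invoice-portal.example"}
IOC_SHA256 = {hashlib.sha256(b"MZ-fake-payload").hexdigest()}  # constructed sample hash

# Brands we expect to see only from specific sender domains (constructed mapping).
BRAND_DOMAINS = {"acme bank": {"acmebank.example"}}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def parent_domains(host: str):
    """Yield the host and each parent, so 'www.evil.example' also matches an IOC 'evil.example'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def check_sender(msg: EmailMessage) -> list[str]:
    """Header heuristics. These catch spoofing that SPF/DKIM/DMARC cannot, because the
    attacker's own domain authenticates fine while the display name lies."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and from_domain not in domains:
            findings.append(f"display name '{name}' claims {brand}, sender domain is {from_domain}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    return findings


def check_iocs(msg: EmailMessage) -> list[str]:
    """Signature matching: URLs in text parts against IOC domains, attachments by SHA-256."""
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():
            digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            if digest in IOC_SHA256:
                findings.append(f"attachment {part.get_filename()} matches IOC hash {digest[:16]}")
        elif part.get_content_type() == "text/plain":
            for url in URL_RE.findall(part.get_content()):
                host = urlparse(url).hostname or ""
                if any(d in IOC_DOMAINS for d in parent_domains(host)):
                    findings.append(f"URL {url} points at IOC domain {host}")
    return findings


def triage(raw: str) -> list[str]:
    msg = message_from_string(raw, policy=policy.default)
    return check_sender(msg) + check_iocs(msg)


def build_sample() -> str:
    """Constructed phishing-style message, not a real one."""
    m = EmailMessage()
    m["From"] = "Acme Bank Security <alerts@mail-notify.example>"
    m["Reply-To"] = "support@secure-login-update.example"
    m["To"] = "finance@corp.example"
    m["Subject"] = "Verify your account"
    m.set_content("Please verify at https://www.secure-login-update.example/verify?id=42 today.")
    m.add_attachment(b"MZ-fake-payload", maintype="application",
                     subtype="octet-stream", filename="statement.exe")
    return m.as_string()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("-", finding)
```

Running it prints four findings for the sample. Note the division of labour: the header heuristics catch a spoof that would pass SPF, DKIM and DMARC (the attacker's own domain authenticates correctly), while the IOC match only catches infrastructure that has already been seen and reported elsewhere.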

M

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to a computer system. Types include viruses, ransomware, trojans, spyware, and worms. Phishing emails are a primary delivery method for malware.

Related: Ransomware, Trojan, Phishing

P

Phishing

A cyberattack where criminals impersonate legitimate organizations via email, text, or websites to steal sensitive information such as passwords, credit card numbers, or personal data. Phishing is the most common form of social engineering attack.

Example

An email pretending to be from your bank asking you to "verify your account" by clicking a link that leads to a fake website.

Pretexting

A social engineering technique where the attacker creates a fabricated scenario (pretext) to engage the victim and steal information. The attacker researches the target to build a convincing story.

Example

Someone calling an employee claiming to be from HR, asking for their social security number for "payroll verification".

Related: Social Engineering, Vishing

Q

Quishing

QR code phishing. A phishing technique where a malicious URL is embedded in a QR code. When scanned, the code sends the victim to a fake website designed to steal credentials. Because the link is encoded in an image, it slips past email filters that scan URLs in text, and scanning it moves the victim onto a personal phone, outside corporate web protections.

Example

A fake parking meter sticker with a QR code that leads to a payment page designed to steal your credit card information.

Related: Phishing, Smishing

R

Ransomware

A type of malware that encrypts the victim's files and demands a ransom payment for the decryption key. Often delivered via phishing emails with malicious attachments or links. Paying does not guarantee recovery; offline, regularly tested backups are the control that does.

Example

An email attachment that, when opened, encrypts all files on the computer and on any network shares it can reach, then displays a ransom demand in Bitcoin.

Related: Malware, Phishing

S

Spear Phishing

A targeted phishing attack directed at a specific individual or organization. Unlike mass phishing, spear phishing uses personal information about the target to make the message more convincing.

Example

An email addressing you by name, referencing your company and job title, asking you to approve a fake invoice.

Related: Phishing, Whaling, BEC

Smishing

SMS phishing — a form of phishing that uses text messages (SMS) to trick victims into clicking malicious links or revealing personal information. The term combines "SMS" and "phishing".

Example

A text message claiming to be from a delivery service: "Your package couldn't be delivered. Track it here: [malicious link]".

Related: Phishing, Vishing, Quishing

Social Engineering

The psychological manipulation of people into performing actions or divulging confidential information. It exploits human nature — trust, fear, urgency, curiosity — rather than technical vulnerabilities.

Example

A caller pretending to be IT support asking an employee for their password to "fix a system issue".

Related: Phishing, Vishing, Pretexting

SPF (Sender Policy Framework)

An email authentication method in which a domain publishes, as a DNS TXT record, the mail servers (IP ranges or included domains) authorized to send on its behalf. The receiving server checks the connecting IP against the record for the domain in the SMTP envelope sender (MAIL FROM / Return-Path), with the record's final qualifier (-all or ~all) deciding how unlisted senders are treated. SPF does not look at the visible From: header, which is why DMARC is needed to tie the two together, and it fails on forwarded mail because the forwarder's IP is not in the original domain's record.

Related: DMARC, DKIM, Email Spoofing
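
The SPF, DKIM and DMARC entries describe checks that a receiving server evaluates together. The following is an added example, not part of this glossary or of any vendor's product: it evaluates a simplified SPF for the envelope sender and then applies the DMARC alignment rule to the From: domain. DNS is replaced by a constructed dictionary of records (acmebank.example, mailer.example and the IP addresses are assumptions), SPF handles only the ip4/ip6/include/all mechanisms, the organizational-domain check is a crude stand-in for the Public Suffix List, and DKIM signature verification is assumed to have already produced a pass or fail result.

```python
"""Evaluate SPF for the envelope sender and DMARC alignment for the From: domain, offline.

Added example, not part of this glossary or any vendor product. DNS is replaced by a
constructed dictionary so the code runs without network access; every domain and
address is illustrative. SPF here handles ip4/ip6/include/all only (no a, mx, exists,
redirect), and organizational_domain() stands in for the Public Suffix List.
"""
import ipaddress

# Constructed TXT records that a receiving server would normally fetch from DNS.
DNS_TXT = {
    "acmebank.example": ["v=spf1 ip4:192.0.2.0/24 include:mailer.example -all"],
    "mailer.example": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.acmebank.example": ["v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@acmebank.example"],
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name: str) -> list[str]:
    return DNS_TXT.get(name.lower(), [])


def check_spf(client_ip: str, mail_from_domain: str, depth: int = 0) -> str:
    """SPF checks the connecting IP against the record of the MAIL FROM domain,
    not the visible From: header (RFC 7208, simplified)."""
    if depth > 10:                      # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    records = [r for r in lookup_txt(mail_from_domain) if r.startswith("v=spf1")]
    if len(records) != 1:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            matched = check_spf(client_ip, arg, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            matched = False             # a, mx, exists, ptr: not implemented here
        if matched:
            return SPF_RESULT[qualifier]
    return "neutral"


def parse_dmarc(from_domain: str) -> dict:
    records = [r for r in lookup_txt(f"_dmarc.{from_domain}") if r.startswith("v=DMARC1")]
    if not records:
        return {}
    tags = dict(t.strip().split("=", 1) for t in records[0].split(";") if "=" in t)
    tags.setdefault("adkim", "r")       # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags


def organizational_domain(host: str) -> str:
    """Crude stand-in for the Public Suffix List: keep the last two labels."""
    return ".".join(host.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    if mode == "s":                     # strict: exact match required
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(from_domain, spf_result, mail_from_domain, dkim_result, dkim_d):
    """Return (dmarc_result, disposition). DMARC passes if SPF or DKIM passed AND the
    domain that passed aligns with the RFC5322.From domain."""
    policy = parse_dmarc(from_domain)
    if not policy:
        return "none", "none"           # no policy published: receiver applies nothing
    spf_aligned = spf_result == "pass" and aligned(mail_from_domain, from_domain, policy["aspf"])
    dkim_aligned = dkim_result == "pass" and bool(dkim_d) and aligned(dkim_d, from_domain, policy["adkim"])
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    return "fail", policy.get("p", "none")


def scenarios() -> dict:
    """Four constructed messages, all showing From: someone@acmebank.example."""
    f = "acmebank.example"
    return {
        # own server, envelope sender on own domain, DKIM signed with d=acmebank.example
        "legit_own_server": evaluate_dmarc(f, check_spf("192.0.2.25", f), f, "pass", f),
        # authorized mailer via include, but its bounce domain is its own and nothing is DKIM-signed
        "third_party_unaligned": evaluate_dmarc(f, check_spf("198.51.100.10", "mailer.example"), "mailer.example", "none", ""),
        # attacker's own IP forging both the envelope sender and the From: domain
        "spoof": evaluate_dmarc(f, check_spf("203.0.113.7", f), f, "none", ""),
        # DKIM signed by a subdomain: would align under adkim=r, fails under the published adkim=s
        "dkim_subdomain_strict": evaluate_dmarc(f, "fail", f, "pass", "mail.acmebank.example"),
    }
```

The third_party_unaligned scenario is the common misconfiguration: SPF passes for the mailer's own bounce domain, yet DMARC still fails because that domain does not align with acmebank.example, so the fix is either a DKIM signature with d=acmebank.example or a custom Return-Path on the customer's domain. Tighten adkim or aspf to s only after the aggregate reports show every legitimate source already aligns exactly.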

T

Threat Intelligence

Information about current and potential cyber threats, collected and analyzed to help organizations understand risks and make informed security decisions. Includes data about attack methods, malicious actors, and indicators of compromise.

Related: IOC, DMARC

Two-Factor Authentication (2FA)

A security method requiring two different factors to access an account: typically something you know (a password) and something you have (a phone receiving a one-time code, an authenticator app, or a hardware security key). 2FA greatly limits the damage from a stolen password, but one-time codes delivered by SMS or generated by an app can still be phished: a fake login page simply asks for the code and relays it to the real site within its validity window. Phishing-resistant methods such as FIDO2/WebAuthn security keys bind the login to the genuine site's origin and are not fooled this way.

Related: Social Engineering, Phishing

V

Vishing

Voice phishing — a social engineering attack conducted via phone calls. Attackers impersonate legitimate entities like banks, government agencies, or tech support to extract sensitive information.

Example

A phone call from someone claiming to be your bank's fraud department, asking you to confirm your account number.

W

Whaling

A spear phishing attack specifically targeting senior executives (CEO, CFO, etc.). These attacks are highly personalized and often involve fake urgent requests related to company operations.

Example

An email appearing to come from the CEO asking the CFO to urgently wire money to a "new vendor" account.

Related: Spear Phishing, BEC, CEO Fraud

Z

Zero-Day Attack

An attack that exploits a vulnerability the software vendor does not yet know about, or knows about but has not yet patched. Called "zero-day" because the vendor has had zero days to fix it once exploitation begins. These attacks are dangerous because no patch and no signature for the exploit exist yet; defense relies on limiting what an exploited program can reach (least privilege, network segmentation), detecting the attacker's behavior after the exploit, and patching quickly once a fix ships.

Related: Malware, Threat Intelligence

Protect yourself from these threats

Forward suspicious emails to verify@luminir.io and get an instant AI analysis.