
12 email security terms everyone should know about

by Clare Holmes
February 12, 2018 / August 16, 2022
Filed under: DMARC, Email

In the world of cyber and email security, terms can soon become entrenched, and any newcomers can easily be left bewildered by the barrage of new terms to know. So, we’ve compiled a short, jargon-busting, no-nonsense overview of what these email security terms mean that will take you from beginner to boffin.

What is Email Spoofing?

Email Spoofing (or Exact Domain Impersonation) is when an email is created from a fraudulent sender address via exact domain impersonation. It might look like a real email, but that’s because it’s been cleverly designed for you to think so – it arrived in your inbox because the spoofer is using a legitimate email domain without authorization. Most of us have received emails from spoofed domains at some point — banks, councils, or HMRC are some of the most common.

What is Phishing?

Phishing is when an attacker sends an email out to trick the recipient into sharing personal details or clicking on a link. Basic phishing emails are sent out en masse with no specific targets. They bait recipients with offers of money or reward, or they use scaremongering, e.g. a bank account compromise, in a bid to get them clicking a hyperlink or sharing sensitive info.

What is Spear Phishing?

Spear phishing is targeted phishing. The emails target specific, known individuals — employees or customers — in an organization. Spear phishing emails most often mimic emails from within the target organization or a closely linked partner organization, so recipients are more likely to think the sender is legitimate.

What is Whaling?

Like the name suggests, it’s when scammers go for the big guns: a person of professional status like a CEO or senior executive who has access to cash or company secrets. A whaling email will be cleverly crafted to convince a specific recipient to open a link or download a program, for example by duping them into thinking they’ve received a real court summons or serious legal complaint. The email can appear to come from an internal source, not just external, at which point it may also be given the similarly jargonistic term ‘CEO fraud’.

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is an umbrella term used to describe phishing attacks that target an organization by impersonating its domain. The attacker relies heavily on Social Engineering, and crafts a phishing email designed to look like one from someone inside the business (usually the CEO). The main aim of this type of attack is to steal money or sensitive data. Examples of BEC attacks include Ransomware, CEO Fraud, and Vendor Fraud.

What is Typosquatting?

More dramatically known as ‘URL hijacking’, typosquatting is when an attacker owns a fake site purporting to be from a known brand and uses it for malicious purposes. Typosquatters are there waiting for you when you accidentally type Gpple.com or Facenook.com. They convince you that their website is legitimate by making it look like the real deal, then when you enter your password, or download the suggested link, attackers gain access to your information or network.

What is Friday Afternoon Fraud?

One of the most common forms of cybercrime in the legal sector, Friday Afternoon Fraud is associated with the large sums of money often transferred at this time of day by house buyers to their conveyancing solicitors’ accounts. Phishing emails purporting to be from the solicitor request the buyer to transfer their personal information or funds into a phony account instead, hoping that the inherent urgency of the transaction means people don’t examine it too closely.

What is a Botnet?

If a robot and a network were to have a baby, but it was an evil baby with multiple heads, it would be a botnet. A botnet is a constellation of web-connected devices infected by a form of malware without the device owners being aware. Using the malware, the attacker can control the group of devices to spread more malware, steal data, or launch a DDoS attack.

And we all know how this ends…

What is Email Impersonation?

Email Impersonation is an encompassing term that describes an attacker using your domain, or one which looks very similar, to send phishing emails. It’s not an interchangeable term with Exact Domain Impersonation, where the attacker spoofs your exact domain only.

What are Blacklists and Whitelists?

Imagine the doorman at a party has to decide who to let in and who to turn away. The Blacklist approach is a list of the known havoc-causers and party poopers, so they know who to turn away. The Whitelist approach is to list all confirmed party guests so that only they get in. In email and cybersecurity, the party is the network and the door is the network endpoint. The Blacklist recognizes and blocks all known malware threats, Trojans, scams, etc. The Whitelist allows in only known accepted entities — including software, processes, devices, and email addresses.

What are SPF and DKIM?

SPF and DKIM are two essential email authentication protocols. SPF stands for Sender Policy Framework; it is essentially a whitelist that outlines the senders that are authorized to send emails on your behalf. Its main goal is to prevent email forgery. DKIM, on the other hand, stands for DomainKeys Identified Mail, and its primary purpose is to ensure that the email you’re sending hasn’t been modified. Together (and when correctly set up) they create the basis of your email authentication, but to actually stop phishing, you also need to implement DMARC, which works using both.

What is DMARC?

Last but not least, let’s talk about DMARC: Domain-based Message Authentication, Reporting, and Conformance. DMARC is an essential authentication protocol that (when properly configured at a policy of p=reject) protects your domain from exact impersonation and stops hackers from using your domain and brand to send phishing emails. It uses the signals from SPF and DKIM to do this. You can find out more about how DMARC works (and its benefits) here.

Check your email security setup today!

So there you have it, all the terms you’ll need to know to get from total newbie to email security boffin! While you’re at it, why not find out what your SPF, DKIM, and DMARC setup looks like with our free investigate tool?

