A no-nonsense guide to the cybersec terms that will take you from beginner to boffin
I came to the world of cybersecurity just over 6 months ago after spending nearly 10 years working in the contact centre industry — such a context switch highlighted how entrenched terminology becomes and how impenetrable it can be for a newbie unless they are willing to put their hand up in a meeting and ask “errrr what does that mean?”.
In a bid to help you avoid this outsider embarrassment, I’ve worked with the Red Sift team to compile a short, jargon-busting, no-nonsense overview of what different cybersecurity terms mean and how to use them.
Spoofing
Spoofing in cybersec is not a form of comedic entertainment; it’s when an email is created from a fraudulent sender address. It might look like a real email, but that’s because it’s been cleverly designed for you to think so — it has arrived in your inbox because the spoofer is using a legitimate email domain without authorisation. Most of us have received emails from spoofed domains at some point — banks, councils or HMRC are some of the most common.
Phishing
Phishing is when an attacker sends an email out to trick the recipient into sharing personal details or clicking on a link. Basic phishing emails are sent out en masse with no specific targets. They bait recipients with offers of money or reward, or they use scaremongering, e.g. a bank account compromise, in a bid to get them clicking a hyperlink or sharing sensitive info.
Spear phishing
Spear phishing is targeted phishing; the emails target specific, known individuals — employees or customers — in an organisation. Spear phishing emails most often mimic emails from within the target organisation or a closely linked partner org, so recipients are more likely to think the sender is legitimate.
Whaling
Like the name suggests, it’s when scammers go for the big guns: a person of professional status like a CEO or senior executive who has access to cash or company secrets. A whaling email will be cleverly crafted to convince a specific recipient to open a link or download a program, for example by duping them into thinking they’ve received a real court summons or serious legal complaint. The email can appear to come from an internal source, not just external, at which point it may also be given the similarly jargonistic term ‘CEO fraud’.
Typosquatting
More dramatically known as ‘URL hijacking’, typosquatting is when an attacker owns a fake site purporting to be from a known brand and uses it for malicious purposes. Typosquatters are there waiting for you when you accidentally type Gpple.com or Facenook.com. They convince you that their website is legitimate by making it look like the real deal, then when you enter your password or download the file it offers, attackers gain access to your information or network.
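A defender-side illustration of the typosquatting idea above, added here as an example and not code from the original post: a small checker that flags domains whose registrable name sits within one edit of a protected brand. The brand list and the test domains (including Gpple.com and Facenook.com from the text) are constructed for the demo.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def registrable_name(domain: str) -> str:
    """'login.Gpple.com' -> 'gpple'. Crude: assumes a single-label TLD (assumption for the demo;
    a real checker would consult the Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def lookalike_brand(domain: str, brands, max_distance: int = 1):
    """Return the brand a domain imitates, or None.

    A domain is suspicious when its registrable name is not a protected brand itself
    but lies within max_distance edits of one (e.g. 'gpple' is one edit from 'apple')."""
    name = registrable_name(domain)
    if name in brands:
        return None
    best = None
    for brand in brands:
        d = edit_distance(name, brand)
        if d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best[0] if best else None


# Constructed watch-list of brands an organisation wants to protect.
PROTECTED_BRANDS = {"apple", "facebook", "example"}

if __name__ == "__main__":
    for d in ["Gpple.com", "Facenook.com", "apple.com", "login.gpple.com", "unrelated.org"]:
        print(f"{d:20} -> {lookalike_brand(d, PROTECTED_BRANDS)}")
```

Raising `max_distance` catches more variants at the cost of false positives, so in practice such a check is paired with a review step rather than an automatic block.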
Friday afternoon fraud
One of the most common forms of cybercrime in the legal sector, Friday afternoon fraud is associated with the large sums of money often transferred at this time of day by house buyers to their conveyancing solicitors’ accounts. Phishing emails purporting to be from the solicitor request the buyer to transfer their personal information or funds into a phoney account instead, hoping that the inherent urgency of the transaction means people don’t examine it too closely.
If a robot and a network were to have a baby, but it was an evil baby with multiple heads, it would be a botnet. A botnet is a constellation of web-connected devices infected by a form of malware without the device owners being aware. Using the malware, the attacker can control the group of devices to spread more malware, steal data, or launch a DDoS attack.
Blacklist vs whitelist
Imagine the doorman at a party has to decide who to let in and who to turn away. The blacklist approach is a list of the known havoc-causers and party poopers, so they know who to turn away. The whitelist approach is to list all confirmed party guests so that only they get in. In cybersecurity, the party is the network and the door is the network endpoint. The blacklist recognises and blocks all known malware threats, Trojans, scams etc. The whitelist allows in only known accepted entities — including software, processes, devices and email addresses.
SPF, DKIM and DMARC
Last but not least, let’s talk about the good guys: SPF, DKIM and DMARC. Each of these acronyms is an email security protocol, but they all have different functions. SPF and DKIM, plus a little extra magic, make up DMARC. When an email is sent, our friend SPF checks whether it is coming from an IP address the sending domain has authorised. Our other pal DKIM verifies whether the email has been signed by the domain it was sent from, or another authorised domain. Then our best mate DMARC puts these two results together to decide whether the email comes from an authentic sender or not. DMARC delivers authenticated emails to the inbox and rejects any it regards as unauthorised. We’re so enamoured of these three that we’ve written a whole other post dedicated to them.
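To show how DMARC “puts these results together”, here is an added example (not code from the original post) that goes one step beyond the text: besides requiring SPF or DKIM to pass, DMARC also checks that the domain the passing check validated aligns with the visible From: domain, which is the “little extra magic” above. The DMARC record strings, domains and check results are constructed inputs; the organisational-domain heuristic is a simplification assumed for the demo.

```python
def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a tag dict.
    Alignment tags default to relaxed ('r') when absent."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Crude organisational domain: last two labels ('bounce.example.com' -> 'example.com').
    Assumption for the demo; real receivers consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') accepts
    the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain: str, spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str, record: str) -> str:
    """Return 'deliver', 'quarantine' or 'reject'.

    spf_domain is the envelope (MAIL FROM) domain SPF evaluated; dkim_domain is the d= tag
    of the signature DKIM verified. The mail passes DMARC when EITHER check passed AND
    its domain aligns with the From: header domain; otherwise the record's p= policy applies."""
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags.get("p", "none")]
```

The spoofing case from earlier in the post is the interesting one: a forged From: of example.com sent through an attacker’s own mail server can pass SPF for that server’s domain, yet still fails DMARC because the passing domain does not align.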
So there you have it, all the terms you’ll need to know to get from total newbie to cyber boffin… well, at least the ones you need to know to avoid outright humiliation. Have we missed any? Let us know in the comments below, or over on Twitter at @getOnDMARC