Glossary

Cybersecurity terms,explained clearly

Plain-language definitions of the phishing, social engineering, and human-risk terms that matter, written for security teams and the people they protect.

B

Business Email Compromise

A targeted financial fraud where an attacker poses as a trusted executive, supplier, or colleague over email to trick an employee into transferring money or sensitive data.

C

Clone Phishing

Clone phishing is an attack that copies a real, previously delivered email and resends it with malicious links or attachments swapped in, exploiting the trust the recipient already placed in the original message.

Credential Harvesting

Credential harvesting is the theft of usernames, passwords, and other login data, usually through fake login pages or deceptive messages, so attackers can access accounts and systems.

H

Human Risk Management

A security discipline that identifies, measures, and reduces the risk that people introduce through their everyday behavior.

M

Multi-Factor Authentication (MFA)

A security method that requires two or more independent proofs of identity before granting access to an account or system.

P

Phishing

Phishing is a social engineering attack where criminals impersonate a trusted sender to trick people into revealing credentials, transferring money, or installing malware.

Phishing Simulation

A controlled, authorized exercise that sends realistic but harmless fake phishing messages to employees to measure how they respond and to train safer behavior.

Q

Quishing (QR Code Phishing)

Quishing is a phishing attack that hides a malicious link inside a QR code to trick people into visiting a fraudulent site or installing malware.

R

Ransomware

Malware that encrypts an organisation's files or locks its systems, then demands a payment to restore access.

S

Security Awareness Training

Security awareness training is structured education that teaches employees to recognize and respond to cyber threats such as phishing, social engineering, and unsafe data handling.

Smishing

Smishing is phishing carried out over SMS or other text messaging, where attackers send fraudulent texts to trick people into revealing data, clicking malicious links, or sending money.

Social Engineering

The manipulation of people into revealing sensitive information or taking unsafe actions by exploiting trust, emotion, and human psychology rather than technical flaws.

Spear Phishing

A targeted phishing attack that uses personalized details about a specific individual or organization to make a fraudulent message far more convincing.

V

Vishing

Vishing is a voice-based social engineering attack where a caller impersonates a trusted party over the phone to trick victims into revealing sensitive information or authorizing fraudulent actions.

W

Whaling

A highly targeted phishing attack aimed at senior executives and other high-value individuals to steal money, credentials, or sensitive data.

Put the theory into practice

See how Claro turns awareness into measurable behavior change.

Request a demo