Social engineering is one of the most difficult cybersecurity threats to protect against. By definition, it targets human fallibility — flaws in human reasoning. Cybercriminals may work full-time figuring out how to trick people and sharing best practices, but employees at your organization have other jobs to do. There’s a knowledge imbalance between the digital con artists and their would-be victims. That’s why cons work.

One way to inoculate staff against falling prey to this kind of manipulation is through education and training. Security awareness training often avoids bogging employees down with security jargon, which sounds like a good idea. Nontechnical employees and executives normally shouldn’t have to become security experts. But in the realm of social engineering protection, knowing the jargon is one of the most powerful tools we have to educate staff.

The reason is that the definitions of these terms contain within them the methods. To know the words is to expect the attacks — or recognize them when they occur. It’s time to integrate the learning and memorization of social engineering jargon into every security training session. By learning these words cold, employees will also learn to avoid falling prey to social engineering attacks.

Social Engineering Vocab to Add to Your Next Security Training

Here is the basic vocabulary that everyone in your organization should know.

Phishing

An umbrella term for any fraudulent attempt to obtain information by impersonating a trusted person or organization in an electronic communications medium, usually email.

Smishing

When the attempt arrives by text message, it is called smishing. Smishing can be effective because many users treat SMS as more trustworthy than email, and mobile clients show less of a link’s real destination before it is tapped.

Vishing

Vishing is when an attacker uses a phone call to trick victims into giving up sensitive information such as passwords or one-time codes. Perpetrators typically call over Voice over Internet Protocol (VoIP), often with a spoofed caller ID, and misrepresent themselves as employees of a bank or other organization.

Bulk Phishing

This basic attack spams large numbers of people with generic messages that link to many different fraudulent URLs, in the hope of tricking a small percentage of recipients into giving up sensitive information. If some of the URLs are taken down, the others keep working.

Spear Phishing

Rather than spamming large numbers of generic messages, spear phishing sends a small number of customized messages, containing recognizable or relevant content, to a small number of people. It requires some prior knowledge of the target, typically gathered from social media, company websites or earlier breaches. The most obvious version is an email to people in a company that appears to come from a colleague in the same company. The more specific and targeted the attack, the more effective it can be.

Snowshoe Attack

Sitting between generic bulk and targeted spear attacks is the snowshoe attack, whereby small, semitargeted batches of email are sent from many sender IP addresses, each sending too few messages to trip volume- or reputation-based spam filters, while the campaign as a whole still reaches a mass audience. The term describes the spamming technique rather than the payload, so it applies whether the messages are phishing or merely unwanted advertising.

Hailstorm Attack

Instead of flying under the radar, hailstorm attacks try to beat spam filters to the punch: a very large number of emails is launched at once, so that the whole campaign has been delivered before reputation-based filters have had time to learn and block the sender.
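Both patterns show up in mail-gateway logs as sending-rate signatures, and telling them apart is mostly a matter of counting per sender IP and per time window. The following is an added example, not code from the original article: it classifies a batch of inbound-mail records as snowshoe-like (many sender IPs, very few messages each) or hailstorm-like (a burst of messages inside one short window). The log format, the thresholds and the sample records are constructed assumptions for illustration.

```javascript
// Added example (not from the original article). Thresholds and the log
// format are assumptions chosen for illustration.
const SNOWSHOE = { minMessages: 20, minDistinctIps: 10, maxPerIp: 3 };
const HAILSTORM = { minMessages: 20, windowMs: 60000 };

// Parse constructed log lines of the form:
//   <ISO timestamp> ip=<sender ip> from=<address> to=<address>
function parseLog(text) {
  const records = [];
  for (const line of text.split('\n')) {
    const m = line.match(/^(\S+) ip=(\S+) from=(\S+) to=(\S+)$/);
    if (m) records.push({ ts: Date.parse(m[1]), ip: m[2], from: m[3], to: m[4] });
  }
  return records;
}

// Messages per sender IP plus the busiest HAILSTORM.windowMs sliding window.
function summarize(records) {
  const perIp = new Map();
  for (const r of records) perIp.set(r.ip, (perIp.get(r.ip) || 0) + 1);
  const times = records.map(r => r.ts).sort((a, b) => a - b);
  let peakInWindow = 0;
  for (let i = 0, j = 0; i < times.length; i++) {
    while (times[i] - times[j] > HAILSTORM.windowMs) j++;
    peakInWindow = Math.max(peakInWindow, i - j + 1);
  }
  return {
    total: records.length,
    distinctIps: perIp.size,
    maxPerIp: Math.max(0, ...perIp.values()),
    peakInWindow,
  };
}

// Hailstorm is checked first: a burst is a burst regardless of how many IPs
// it came from. Snowshoe is the quiet opposite: spread thin over IPs and over
// time so that no single per-IP or per-minute counter trips.
function classify(records) {
  const s = summarize(records);
  if (s.total >= HAILSTORM.minMessages && s.peakInWindow >= HAILSTORM.minMessages) {
    return 'hailstorm';
  }
  if (s.total >= SNOWSHOE.minMessages && s.distinctIps >= SNOWSHOE.minDistinctIps &&
      s.maxPerIp <= SNOWSHOE.maxPerIp) {
    return 'snowshoe';
  }
  return 'normal';
}

// Constructed sample traffic (not real logs) for the three cases.
function sampleLog(kind) {
  const base = Date.parse('2024-03-01T10:00:00Z');
  const lines = [];
  if (kind === 'snowshoe') {
    // 24 messages from 24 different IPs, one every 2.5 minutes
    for (let i = 0; i < 24; i++) {
      lines.push(`${new Date(base + i * 150000).toISOString()} ip=203.0.113.${i + 1} ` +
                 `from=offer${i}@promo.example to=user${i}@corp.example`);
    }
  } else if (kind === 'hailstorm') {
    // 40 messages from two IPs inside 30 seconds
    for (let i = 0; i < 40; i++) {
      lines.push(`${new Date(base + i * 750).toISOString()} ip=198.51.100.${(i % 2) + 1} ` +
                 `from=alert@promo.example to=user${i}@corp.example`);
    }
  } else {
    // 6 messages from one partner mail server over an hour
    for (let i = 0; i < 6; i++) {
      lines.push(`${new Date(base + i * 600000).toISOString()} ip=192.0.2.7 ` +
                 `from=billing@partner.example to=ap@corp.example`);
    }
  }
  return lines.join('\n');
}

for (const kind of ['snowshoe', 'hailstorm', 'normal']) {
  const records = parseLog(sampleLog(kind));
  console.log(kind, summarize(records), '=>', classify(records));
}
```

The two thresholds are deliberately independent: raising `maxPerIp` catches lazier snowshoe campaigns at the cost of flagging legitimate multi-server senders, while `windowMs` sets how short a burst has to be before it counts as a hailstorm rather than ordinary busy-hour traffic.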

Clone Phishing

With this technique, a legitimate email from, say, a financial institution or government entity is copied almost verbatim, complete with graphics, but with the links (or attachments) changed to malicious ones. Because the message looks exactly like a previous, genuine one, checking where each link actually goes is the most reliable tell.

Whaling

Whaling attacks target top employees, such as CEOs, CFOs or CIOs. This kind of attack appeals to cybercriminals because more information is publicly available about these high-profile targets, and they tend to have broader access to sensitive information and the authority to approve payments.

Tabnabbing

Tabnabbing exploits the tendency of users to keep many tabs open. A malicious page that the user opened earlier waits until its tab has been in the background for a while, then rewrites its own content, title and favicon to resemble the login page of a familiar service. When the user returns to that tab, they assume their legitimate session simply timed out, enter their username and password to log back in, and hand the credentials to the attacker, who can then use them on the real site.

In-Session Phishing

As stated above, users tend to have multiple tabs open while using their browsers. A pop-up that appears could, as far as the user can tell, have come from any of them. Cybercriminals can in some instances exploit this to launch a pop-up from one tab that appears to belong to another. For example, say a user has a dozen tabs open, one of them a gaming site and another a bank website. Malicious code on the gaming site cannot read the bank’s tab directly (the browser’s same-origin policy prevents that), but the original in-session attacks used browser-specific side channels to infer that the user was logged in to a particular bank, and then launched a pop-up spoofing that bank’s site and asking for, among other things, login credentials. The attack can also work in a less targeted way without any knowledge of the other tabs: a generic pop-up can trick enough users to be worthwhile to malicious actors.

Reverse Tabnabbing

Despite the name, reverse tabnabbing works on the opener rather than the opened page. When a page opens a link in a new tab (target="_blank") without rel="noopener", the newly opened page receives a window.opener reference and can navigate the original tab to a fraudulent copy of the page that was there. The user finishes with the new tab, returns to the original one, finds what looks like an expired session, and types their username and password into the attacker’s form. Current browsers treat target="_blank" as noopener by default, but an explicit rel="noopener" is still the right fix for sites that must support older browsers or that open windows from script.
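The defensive side of both tabnabbing variants is a markup audit. What follows is an added example, not code from the original article: it finds anchors that would hand a window.opener reference to the page they open and rewrites them with rel="noopener noreferrer". The attacker-side one-liner shown in the comment, the sample markup and the hostnames in it are constructed for illustration.

```javascript
// Added example (not from the original article): audit and harden links that
// hand a window.opener reference to the page they open. The sample markup is
// constructed for illustration.

// What an attacker's page does once it has been opened from a vulnerable link:
// while the user looks at the new tab, it navigates the ORIGINAL tab to a
// look-alike login page (hostname assumed for illustration).
//   if (window.opener) window.opener.location = 'https://login-expired.example/';
// A classic (non-reverse) tabnab needs no opener at all: the malicious page
// simply rewrites its own document, title and favicon once it loses focus.

const TARGET_BLANK = /<a\b[^>]*\btarget\s*=\s*["']?_blank["']?[^>]*>/gi;

// Tokens of the rel attribute of one <a ...> start tag (empty if none).
function relTokens(tag) {
  const m = tag.match(/\brel\s*=\s*["']([^"']*)["']/i);
  return m ? m[1].toLowerCase().split(/\s+/).filter(Boolean) : [];
}

// Every <a target="_blank"> whose rel lacks "noopener".
function findOpenerLeaks(html) {
  return (html.match(TARGET_BLANK) || []).filter(tag => !relTokens(tag).includes('noopener'));
}

// Add rel="noopener noreferrer" to each offending tag, merging with any
// existing rel value rather than overwriting it.
function harden(html) {
  return html.replace(TARGET_BLANK, tag => {
    const tokens = relTokens(tag);
    if (tokens.includes('noopener')) return tag;
    const merged = [...new Set([...tokens, 'noopener', 'noreferrer'])].join(' ');
    return /\brel\s*=/i.test(tag)
      ? tag.replace(/\brel\s*=\s*["'][^"']*["']/i, `rel="${merged}"`)
      : tag.replace(/>$/, ` rel="${merged}">`);
  });
}

// Constructed sample: two leaky links, one already safe, one same-tab link.
const SAMPLE_HTML = [
  '<a href="https://partner.example/report" target="_blank">Quarterly report</a>',
  '<a href="https://docs.example/help" target="_blank" rel="nofollow">Help</a>',
  '<a href="https://docs.example/safe" target="_blank" rel="noopener noreferrer">Safe</a>',
  '<a href="/internal">Same tab</a>',
].join('\n');

console.log('leaks before:', findOpenerLeaks(SAMPLE_HTML).length);          // 2
console.log('leaks after :', findOpenerLeaks(harden(SAMPLE_HTML)).length);  // 0
console.log(harden(SAMPLE_HTML));
```

For windows opened from script the equivalent fix is the feature string, `window.open(url, '_blank', 'noopener')`, which the scanner above does not cover. The regex approach is adequate for templates and email HTML; for a full site, run the same check with a real HTML parser so that attributes spanning quotes and line breaks are not missed.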

Email Spoofing

This practice involves forging message headers, most often the From header, to make an email appear to come from a legitimate or friendly source. SMTP does not verify the sender on its own; SPF, DKIM and DMARC exist so that the receiving server can check whether the sending server and the message are authorized for the claimed domain, and a message that fails or lacks those checks deserves suspicion. Spoofing is also used to evade spam filters or as part of an identity theft scheme.
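The checks a gateway or an analyst runs against a raw message follow directly from that definition: compare the claimed sender with the envelope sender and the reply address, look for a trusted address smuggled into the display name, and read the receiving server’s own authentication verdict. The following is an added example, not code from the original article; the two messages, the hostnames and the trusted-domain list are constructed for illustration.

```javascript
// Added example (not from the original article): header-level checks for a
// spoofed sender. The two messages and the trusted-domain list below are
// constructed for illustration.

// Split a raw message into a header map (folded continuation lines unfolded).
function parseHeaders(raw) {
  const head = raw.split(/\r?\n\r?\n/)[0].replace(/\r?\n[ \t]+/g, ' ');
  const headers = {};
  for (const line of head.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

const ADDR = /[\w.+-]+@[\w.-]+/;
// The address in angle brackets if present, else the bare field.
function addressOf(field) {
  if (!field) return '';
  const m = field.match(/<([^>]+)>/);
  return (m ? m[1] : field).trim().toLowerCase();
}
const domainOf = addr => addr.split('@')[1] || '';

function spoofIndicators(raw, trustedDomains) {
  const h = parseHeaders(raw);
  const fromDomain = domainOf(addressOf(h['from']));
  const out = new Set();

  // 1. Display-name impersonation: "ceo@corp.example" <someone@elsewhere>.
  //    Many clients show only the display name, so attackers put a trusted
  //    address there and send from an unrelated, unauthenticated domain.
  const display = (h['from'] || '').replace(/<[^>]*>/, '');
  const embedded = display.match(ADDR);
  if (embedded) {
    const claimed = domainOf(embedded[0].toLowerCase());
    if (trustedDomains.includes(claimed) && claimed !== fromDomain) out.add('display-name-impersonation');
  }

  // 2. Envelope sender (Return-Path) on a different domain than From.
  //    Weak on its own (bulk senders do this legitimately), useful combined.
  const rp = domainOf(addressOf(h['return-path']));
  if (rp && rp !== fromDomain) out.add('return-path-mismatch');

  // 3. Replies silently redirected elsewhere.
  const replyTo = domainOf(addressOf(h['reply-to']));
  if (replyTo && replyTo !== fromDomain) out.add('reply-to-mismatch');

  // 4. The receiving MTA's own verdict. Header forgery is exactly what
  //    SPF/DKIM/DMARC exist to catch; anything short of dmarc=pass is a flag.
  const ar = (h['authentication-results'] || '').toLowerCase();
  if (!/\bdmarc=pass\b/.test(ar)) out.add('dmarc-not-pass');

  return [...out];
}

// Constructed messages (not real mail). The first uses a look-alike domain,
// a trusted address inside the display name, and a Reply-To elsewhere.
const SUSPICIOUS = [
  'Return-Path: <bounce@mail-relay.example>',
  'Received: from mail-relay.example (203.0.113.9) by mx.corp.example',
  'Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mail-relay.example;',
  ' dkim=none; dmarc=none header.from=corp-example.test',
  'From: "Dana Lee (ceo@corp.example)" <d.lee@corp-example.test>',
  'Reply-To: <dana.lee.private@mailbox.example>',
  'To: finance@corp.example',
  'Subject: Urgent wire before noon',
  '',
  'Please process the attached invoice today.',
].join('\n');

const LEGITIMATE = [
  'Return-Path: <payroll@corp.example>',
  'Received: from smtp.corp.example (192.0.2.25) by mx.corp.example',
  'Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example;',
  ' dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example',
  'From: "Payroll" <payroll@corp.example>',
  'To: finance@corp.example',
  'Subject: March payslips',
  '',
  'Payslips are available in the portal.',
].join('\n');

console.log(spoofIndicators(SUSPICIOUS, ['corp.example']));
console.log(spoofIndicators(LEGITIMATE, ['corp.example']));  // []
```

Only the Authentication-Results line written by your own receiving server is trustworthy; an attacker can include a forged one in the message, so a production check must key on the authserv-id (here `mx.corp.example`) and discard any copy that names a different server.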

Website Forgery

Website forgery involves either a fake but legitimate-looking website, or a fraudulent replica of a legitimate site, used to trick users into giving up sensitive information.

Link Manipulation

This is an umbrella term that covers any attempt to hide URLs or trick users into falsely believing that a fraudulent URL is legitimate.

Link Hiding

Users can’t judge a suspicious URL if they can’t see it. That’s why phishers hide URLs behind HTML hyperlinks, where the visible text says one thing and the underlying link goes somewhere else, behind URL shorteners, and inside PDF attachments. Hovering over a link on a desktop, or long-pressing it on a phone, shows the real destination before it is opened.

Typosquatting

Cybercriminals have long registered domain names that are similar to popular ones owned by major brands, in the hope that someone will misspell the desired URL and land on theirs. Labels associated with this simple idea include URL hijacking, fake URLs, cybersquatting and brandjacking. URLs with subtle typos are also used in phishing attacks because victims may not notice the misspelling and click with confidence.

Homograph Attack

Domain names can contain letters from more than one alphabet, and some letters in different alphabets look identical. A homograph attack exploits this to create a fraudulent URL that looks perfectly legitimate. For example, by using a lowercase Cyrillic “a” in place of a lowercase Latin “a”, a URL appears to be all English, but the domain name system sees a different name, since internationalized names are encoded in punycode (a label beginning with xn--). Most current browsers display such mixed-script names in their xn-- form in the address bar, but mail clients and other software may not. Financial institutions with the letter “a” in their names, such as Bank of America or PayPal, are frequent subjects of homograph attacks.
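The three link manipulations above (hidden destinations, typosquats and homographs) are usually checked together, since a single audit of one hyperlink can look for all of them. The following is an added example, not code from the original article, covering the Link Hiding, Typosquatting and Homograph Attack entries: it compares the displayed domain with the real one, measures the edit distance of the real host from a list of known brands, and maps a small subset of Unicode confusables onto the Latin letters they resemble to detect look-alike names. The brand list, the confusable table and the sample links are constructed assumptions.

```javascript
// Added example (not from the original article): audit one hyperlink the way a
// mail gateway might, covering link hiding, typosquatting and homographs.
// The brand list, the confusable table (a small subset) and the sample links
// are constructed for illustration.

const KNOWN_BRANDS = ['paypal.com', 'bankofamerica.com', 'corp.example'];

// Hostname as the browser would resolve it; an IDN host comes back in its
// punycode (xn--) form. Returns null for an unparseable URL.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}
const norm = h => h.replace(/^www\./, '');

// Levenshtein edit distance, used to spot near-miss spellings of a brand.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1,
                          dp[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
  }
  return dp[a.length][b.length];
}

// A small subset of Unicode confusables mapped onto the Latin letters they
// resemble (Cyrillic unless noted). Written as escapes so they are unambiguous.
const CONFUSABLES = {
  '\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p', '\u0441': 'c',
  '\u0445': 'x', '\u0443': 'y', '\u0456': 'i', '\u0458': 'j', '\u0455': 's',
  '\u04bb': 'h', '\u04cf': 'l', '\u03bf': 'o' /* Greek omicron */,
};
const skeleton = s => Array.from(s).map(ch => CONFUSABLES[ch] || ch).join('');

// Which of the usual homograph scripts appear in a label.
function scriptsIn(label) {
  const found = new Set();
  if (/\p{Script=Latin}/u.test(label)) found.add('Latin');
  if (/\p{Script=Cyrillic}/u.test(label)) found.add('Cyrillic');
  if (/\p{Script=Greek}/u.test(label)) found.add('Greek');
  return found;
}

function auditLink(visibleText, href) {
  const host = hostOf(href);
  if (!host) return ['unparseable-href'];
  const actual = norm(host);
  const findings = [];

  // 1. Link hiding: the text names a domain that is not where the href goes.
  const shown = visibleText.match(/(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})/i);
  if (shown && norm(shown[1].toLowerCase()) !== actual) findings.push('text-host-mismatch');

  // 2. Homograph: look at the host as written, before punycode conversion.
  const written = (href.match(/^[a-z][a-z0-9+.-]*:\/\/(?:[^@/?#]*@)?([^:/?#]+)/i) || [])[1] || '';
  const rawHost = norm(written.toLowerCase());
  if (scriptsIn(rawHost).size > 1) findings.push('mixed-script-host');
  for (const brand of KNOWN_BRANDS) {
    if (rawHost !== brand && skeleton(rawHost) === brand) findings.push(`homograph-of-${brand}`);
  }

  // 3. Typosquat: an ASCII host within two edits of a known brand.
  for (const brand of KNOWN_BRANDS) {
    const d = editDistance(actual, brand);
    if (d > 0 && d <= 2) findings.push(`typosquat-of-${brand}`);
  }
  return findings;
}

// Constructed sample links (the last one carries a Cyrillic "a", U+0430).
const SAMPLES = [
  ['https://www.bankofamerica.com', 'https://www.bankofamerica.com/login'],
  ['https://www.paypal.com/signin', 'https://paypal.com.login-check.example/signin'],
  ['Verify your account', 'https://paypa1.com/verify'],
  ['paypal.com', 'https://p\u0430ypal.com/'],
];
for (const [text, href] of SAMPLES) console.log(href, '=>', auditLink(text, href));
```

The skeleton comparison is a cut-down version of the confusable-detection approach in Unicode Technical Standard #39; a real deployment would load the full confusables table rather than the handful of letters above, and would compare against the organization’s own domains as well as public brands.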

Know the Names, Prevent the Attacks

Due to the prevalence of phishing and other social engineering attacks, it’s vital to stay one step ahead of scammers with advanced security tools and/or managed security services.

Training is the other necessary component. When training employees about cybersecurity, by all means try to avoid jargon and speak in plain language so everyone can understand. But when it comes to social engineering training, make sure every employee learns the names of specific attacks. Yes, raise awareness with phishing simulations and other smart exercises — but also teach the vocab. To know the names is to know the attacks, and to know the attacks is to recognize them when you’re the target.
