Understanding the vocabulary of email fraud is essential if you hope to defend your customers, employees, and brand reputation from phishing attacks.
Below we’ve included 10 top terms from our Ultimate Email Fraud Glossary, that launched this week. If you want to dive deeper into a specific term, click the “Learn More” link—for additional information on the subject.
- Authentication: Authentication is the process of determining whether someone or something is who or what it is declared to be. In an email, there are three main types of authentication: SPF, DKIM, and DMARC. Learn More >
- Brand Spoofing: Brand spoofing is one or more tactics that trick customers into thinking an email is legitimate and comes from a reputable brand. The tactics can include a domain not owned by the brand (companybrand@phish.com), the email subject line, or the Display Name. Learn More >>
- Cousin Domains: A cousin domain (i.e., “look-alike domain”) is a registered domain name that is deceptively similar to a target domain name, but bears no relation to it (e.g., www.examp1e.com). Learn More >>
- DKIM (DomainKeys Identified Mail): A protocol that allows an organization to take responsibility for transmitting a message in a way that can be verified by a mailbox provider. This verification takes place through cryptographic authentication. Learn More >>
- DMARC (Domain-based Message Authentication Reporting and Conformance): DMARC is an email authentication protocol that ensures legitimate email is properly authenticating against established DKIM and SPF standards. It also ensures fraudulent activity appearing to come from domains under the organization’s control—active sending domains, non-sending domains, and defensively registered domains—is blocked. Two key values of DMARC are domain alignment and reporting. Learn More >>
- Domain Spoofing: A spoofing tactic that leverages the legitimate sending domain of a brand to send malicious emails. Learn More >
- Envelope From: The return address contained in the hidden email message header which tells mail servers where to return or bounce the message back to (aka return-path or mfrom). Learn More >>
- Header From Domain: The domain name included after the @ symbol in the Header From email address of a message. Learn More >>
- Phishing: A type of spam intended to trick email recipients into giving up sensitive information for malicious reasons. Learn More >>
- Sender Policy Framework (SPF): An email authentication protocol that allows the owner of a domain to specify which mail servers to send mail from on that domain. Learn More >>
Want more definitions? Find them in The Ultimate Email Fraud Glossary.