Phishing terms, explained simply
A plain-English reference for the words you keep seeing in security blogs. Real examples, no jargon, no marketing.
Fraudulent attempt to steal credentials or money by impersonating a trusted entity, usually via email or a fake website.
Targeted phishing aimed at a specific person or organization, often using personal information gathered beforehand.
Phishing delivered by SMS text message. It works because a text shows no sender reputation, a shortened link is hard to inspect on a small screen, and the phone usually sits outside the corporate mail filtering that would have caught the same lure in email.
Phishing carried out over a phone call, often using spoofed caller ID and urgency tactics.
Phishing that hides the malicious URL in a QR code, usually inside an email or a printed notice. Mail gateways that inspect link text and hrefs see only an image, and the victim scans it with a personal phone outside the corporate URL filter, so both controls are sidestepped. Decode the code before scanning it, or treat any "scan to log in" flow as suspect.
Registering domain names that look like a known brand to catch users who mistype or skim. The infrastructure layer of phishing: the lookalike domain hosts the fake page, or serves as the sender domain so that email authentication passes for it.
Replacing a character in a domain with a visually similar one, often a Unicode lookalike (Cyrillic а for Latin a) but also ASCII tricks such as rn for m or 1 for l, so the URL passes a glance test.
Internationalized Domain Names allow non-ASCII labels; a homograph attack registers one whose characters render like a brand's name. On the wire the name is Punycode (an xn-- label), and most browsers now display that form instead of the Unicode rendering when a label mixes scripts, which is the quickest check when a link looks right but feels wrong.
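Worked example, added here rather than taken from the page: a small Python checker that applies the three lookalike tricks above in reverse. It prints the Punycode form a resolver actually sees, reports when one label mixes scripts, folds a few common Cyrillic, Greek and digit confusables to their Latin lookalike, and measures edit distance to a list of protected brands. The brand list, the confusables table and the sample domains are constructed for illustration, and the registrable-label logic ignores the Public Suffix List.

```python
"""Lookalike-domain checks: Punycode form, mixed scripts, a confusable
"skeleton", and edit distance to a list of protected brands.

Added example, not from the original page. The brand list, the confusables
table and the sample domains are constructed for illustration; the table covers
only a few common Cyrillic/Greek lookalikes (Unicode's confusables.txt is far
larger), and the registrable-label logic ignores the Public Suffix List.
"""
import unicodedata

# Assumption: a hand-picked subset of characters that render like Latin letters.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03bd": "v",  # GREEK SMALL LETTER NU
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "0": "o",       # digit-for-letter substitutions seen in typosquats
    "1": "l",
}


def to_punycode(domain):
    """The ASCII (xn--) form that DNS resolves and careful browsers display."""
    return domain.encode("idna").decode("ascii")


def scripts(label):
    """Unicode scripts used by the letters of one label, taken from the character
    names ("CYRILLIC SMALL LETTER A" -> "CYRILLIC"). Digits and hyphens are ignored."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def skeleton(label):
    """Fold confusable characters to their Latin lookalike so that two labels that
    render alike compare equal (NFKC first, so ligatures such as U+FB01 split)."""
    folded = unicodedata.normalize("NFKC", label.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) for typosquat detection."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Label left of the public suffix, e.g. 'paypal' from 'login.paypal.com'.
    Simplification: assumes a one-label suffix such as .com, not .co.uk."""
    return domain.lower().rstrip(".").split(".")[-2]


def check_domain(domain, brands, max_distance=1):
    """Classify a domain against protected brands. Returns the findings list
    alongside the Punycode form so an analyst can see what will really resolve."""
    label = registrable_label(domain)
    used = scripts(label)
    findings = []
    if len(used) > 1:
        findings.append("mixed scripts " + "+".join(sorted(used)))
    sk = skeleton(label)
    for brand in brands:
        if sk == brand:
            if label != brand:          # renders like the brand but is not the brand
                findings.append("confusable for " + brand)
        elif edit_distance(sk, brand) <= max_distance:
            findings.append(f"typosquat of {brand} (distance {edit_distance(sk, brand)})")
    return {"domain": domain, "punycode": to_punycode(domain), "findings": findings}


if __name__ == "__main__":
    brands = ["apple", "paypal", "microsoft"]
    # Constructed samples: a Cyrillic-a homograph, a one-letter typo, a digit swap, the real thing.
    for d in ("\u0430pple.com", "paypai.com", "paypa1.com", "apple.com"):
        print(check_domain(d, brands))
```

The Punycode line is the one to paste into a ticket: "xn--pple-43d.com" is unambiguous, while the rendered form looks identical to the brand in most fonts.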
Targeted phishing aimed at corporate finance teams to redirect wire transfers or invoice payments. Usually there is no link or malware at all: the attacker writes as the CEO or a known supplier, from a compromised or lookalike mailbox, and asks for a changed bank account. That is why URL filters and antivirus rarely catch it, and why a callback over a known phone number before any payment-detail change is the control that does.
The capture stage of a phishing attack: a cloned login page that records whatever the victim types and posts it to the attacker, usually redirecting to the real site afterwards so nothing looks wrong. Unless the kit also relays the second factor, what it captures is a password, which is why MFA still blunts this stage.
Google's real-time blocklist of phishing and malware URLs, built into Chrome, Firefox and Safari so that a listed URL gets a full-page warning before it loads. A freshly registered phishing site may not be listed yet, so a clean lookup is not a clean bill of health.
URL/file scanning service that aggregates verdicts from 70+ antivirus engines and threat-intel feeds. Two caveats: zero detections on a fresh phishing domain is normal rather than reassuring, and anything uploaded is shared with other subscribers, so never submit a document that contains sensitive data.
Public database of URLs that distribute malware, curated by the abuse.ch research team. It tracks malware delivery rather than credential-phishing pages, and publishes the feed in bulk formats a mail gateway or proxy can block on.
SPF, DKIM and DMARC: the three email-authentication standards. SPF lists which servers may send for a domain, DKIM signs messages with a key published in DNS, and DMARC ties both to the visible From: domain and tells receivers what to do on failure (none, quarantine or reject). They stop exact spoofing of a domain, not phishing from a lookalike domain the attacker registered and authenticated correctly.
An adversary-in-the-middle (AitM) phishing kit: a reverse proxy that relays every request between the victim and the real login page, so the victim sees the genuine site and completes a genuine MFA prompt. The kit captures the resulting session cookie and the attacker loads it into their own browser. This defeats one-time codes and push prompts but not FIDO2/WebAuthn keys, which bind the signed challenge to the real site's origin and so refuse to sign for the proxy's domain.
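Worked example, added here and not from the page: a Python evaluator that applies the SPF and DMARC rules to one message. DNS answers come from a constructed in-memory table (no network), the domains and IPs are documentation ranges chosen for illustration, and DKIM signature checking itself is out of scope, so the DKIM verdict and its d= domain are passed in. The point it makes is the alignment step: SPF can pass for a bulk mailer's bounce domain and still fail DMARC, and an attacker's properly authenticated lookalike domain passes everything.

```python
"""Evaluate SPF and DMARC alignment for one message, offline.

Added example, not from the original page. The DNS TXT answers are a constructed
in-memory dict standing in for real lookups, and the domains, IPs and header
values are constructed for illustration. DKIM signature verification itself is
out of scope: the DKIM verdict and its d= domain are taken as inputs from a
verifier, and only their alignment with the From: domain is checked here.
"""
import ipaddress

# Constructed stand-in for DNS TXT records (no network access).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.test -all",
    "_spf.mailer.test": "v=spf1 ip4:198.51.100.10 ~all",
    "mailer.test": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    # An attacker's own lookalike domain, correctly authenticated.
    "examp1e.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.examp1e.com": "v=DMARC1; p=none",
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, depth=0):
    """SPF result for client_ip sending with MAIL FROM in `domain`.
    Supports ip4/ip6/include/all; a real evaluator also needs a, mx, exists,
    redirect= and the 10-DNS-lookup limit of RFC 7208, which `depth` only approximates."""
    record = TXT.get(domain)
    if record is None or depth > 10:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            matched = False
        if matched:
            return RESULT[qualifier]
    return "neutral"


def org_domain(domain):
    """Organizational domain (simplification: last two labels; real code uses the PSL)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_policy(from_domain):
    """Look up _dmarc.<From domain>, then _dmarc.<organizational domain>."""
    for d in (from_domain, org_domain(from_domain)):
        rec = TXT.get("_dmarc." + d)
        if rec and rec.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return {"adkim": "r", "aspf": "r", "p": "none", **tags}
    return None


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict (s) wants an exact match, relaxed (r) the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(msg, dkim):
    """msg: From: domain (RFC 5322), MAIL FROM domain (RFC 5321 / Return-Path) and the
    connecting IP. dkim: (verdict, d= domain) from a DKIM signature verifier."""
    policy = dmarc_policy(msg["from_domain"])
    spf = check_spf(msg["mail_from_domain"], msg["client_ip"])
    verdict, dkim_domain = dkim
    aspf = policy["aspf"] if policy else "r"
    adkim = policy["adkim"] if policy else "r"
    spf_aligned = spf == "pass" and aligned(msg["mail_from_domain"], msg["from_domain"], aspf)
    dkim_aligned = verdict == "pass" and aligned(dkim_domain, msg["from_domain"], adkim)
    if policy is None:
        dmarc = "none"            # nothing published: receivers apply no policy
    elif spf_aligned or dkim_aligned:
        dmarc = "pass"
    else:
        dmarc = "fail"
    action = policy["p"] if dmarc == "fail" else "none"
    return {"spf": spf, "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc": dmarc, "action": action}


if __name__ == "__main__":
    spoof = {"from_domain": "example.com", "mail_from_domain": "attacker.test", "client_ip": "203.0.113.7"}
    print(evaluate(spoof, ("none", None)))      # exact-domain spoof: DMARC fail, reject
    lookalike = {"from_domain": "examp1e.com", "mail_from_domain": "examp1e.com", "client_ip": "203.0.113.7"}
    print(evaluate(lookalike, ("none", None)))  # lookalike domain: everything passes
```

Run the constructed cases and the asymmetry is plain: the exact spoof of example.com is rejected by its p=reject policy, the bulk mailer's message needs an aligned DKIM signature to survive the same policy, and the lookalike examp1e.com passes because the attacker controls its DNS. Authentication answers "did this domain send it", never "is this the domain you think it is".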
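Worked example, added here and not from the page: a Python detection pass over constructed identity-provider log lines that flags the fingerprint of a replayed session cookie. The field names are assumptions to map onto your own IdP's schema. In a proxied login the IP that completes MFA is the proxy's, so what this rule catches is the later jump to the attacker's own IP and user agent, not the phishing page itself.

```python
"""Flag session cookies used from somewhere other than where MFA was completed:
the trace an adversary-in-the-middle (AitM) phishing proxy leaves in identity
provider logs once the attacker loads the captured cookie into their own browser.

Added example, not from the original page. The log lines are constructed (one
JSON event per line) and the field names are assumptions to be mapped onto your
IdP's schema. The heuristic is deliberately simple: a session minted by MFA from
one IP and user agent, then used from a different IP with a different user agent,
is treated as a likely stolen session; an IP-only change is reported at low severity
because mobile and VPN users roam legitimately.
"""
import json
from datetime import datetime

# Constructed sample: alice roams to a neighbouring IP on the same browser;
# bob's session is replayed from a new IP with a scripted client 32 s after MFA.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:05Z","event":"mfa_success","user":"alice","session":"s-101","ip":"203.0.113.40","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/124"}
{"ts":"2024-05-01T09:00:09Z","event":"request","user":"alice","session":"s-101","ip":"203.0.113.40","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/124"}
{"ts":"2024-05-01T09:01:30Z","event":"mfa_success","user":"bob","session":"s-202","ip":"198.51.100.23","ua":"Mozilla/5.0 (Macintosh) Safari/17"}
{"ts":"2024-05-01T09:02:02Z","event":"request","user":"bob","session":"s-202","ip":"192.0.2.77","ua":"python-requests/2.31"}
{"ts":"2024-05-01T09:10:00Z","event":"request","user":"alice","session":"s-101","ip":"203.0.113.41","ua":"Mozilla/5.0 (Windows NT 10.0) Chrome/124"}
"""


def parse_events(log_text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def seconds_between(earlier, later):
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return int((datetime.strptime(later, fmt) - datetime.strptime(earlier, fmt)).total_seconds())


def detect_session_reuse(events):
    """Return (user, session, verdict, seconds_since_mfa) for each request that uses a
    session from an IP other than the one that completed MFA. A changed user agent
    at the same time upgrades the verdict from 'ip_changed' to 'likely_stolen_session'."""
    minted = {}   # session id -> (ip, user agent, timestamp) recorded at MFA success
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] == "mfa_success":
            minted[ev["session"]] = (ev["ip"], ev["ua"], ev["ts"])
        elif ev["event"] == "request" and ev["session"] in minted:
            ip, ua, ts = minted[ev["session"]]
            if ev["ip"] != ip:
                verdict = "likely_stolen_session" if ev["ua"] != ua else "ip_changed"
                findings.append((ev["user"], ev["session"], verdict, seconds_between(ts, ev["ts"])))
    return findings


if __name__ == "__main__":
    for finding in detect_session_reuse(parse_events(SAMPLE_LOG)):
        print(finding)
```

The response to a likely_stolen_session hit is to revoke that session (not just force a password change, which leaves the cookie valid) and to look at the MFA event's source IP, which in a proxied login belongs to the attacker's hosting provider rather than to the user.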