Glossary of Terms
A sea turtle with a tag popping over the back of its shell (or hanging down) is a customer at a kiosk with a manatee behind it. The shop sells all kinds of shells (crabs, turtles, snails, etc). There's a sneaky sea star on top of the payment terminal who's going to intercept payment. The manatee has the nametag "Sally" (she sells sea shells) and says, "Thank you for shopping ShellMart. Please tap to pay". The sea star has a small white chip on its back that says "NFC".
This demonstrates how an adversary (the sea star) intercepts a transaction without the knowledge of the user (sea turtle) or the vendor/server (manatee).
A shark has their mouth open with a sign hanging from their nose that says, "Welcome to Spelunking Adventures Cave", disguising their mouth as a cave for the fish to unknowingly enter.
This demonstrates how a phishing page can use iframes to mimic a legitimate browser window, tricking users into believing they are interacting with a trusted site.
A sea otter is drafting up a plan to enter a sunken pirate ship and take the treasure that's inside. There's a blueprint on an easel.
This demonstrates how attackers often craft elaborate phishing schemes to trick victims into giving up credentials, installing malware, or performing other harmful actions.
A barracuda is disguising itself to look like a Grouper fish to blend into a school for Groupers only (Groupa Grouper Academy). The barracuda clearly has taped-on fins and sharp teeth.
This demonstrates how attackers use doppelganger domains and pages that visually resemble the real target in order to trick the user.
A stingray is embedded partially and hiding in the sand, holding a fake coral up with its tail. A couple of fish are swimming by and want to check it out, but one of them says, "Hold on. Let's hover here for a while to make sure it's safe."
This demonstrates how attackers use hyperlinks whose display text differs from the actual destination URL, hiding where the link will really take the victim. Hovering over a link with your mouse is a good way to see the real address without actually clicking the link.
A whale shark with a silhouette of a swarm of manta rays can be seen in the background, clearly "filter feeder" territory. A krill/plankton, or other prey is holding up their hands to stop the whale shark in its tracks. It is disguised as a large lobster, a type of crustacean that filter feeders would not likely eat. A "mind trick" is used to convince the whale shark not to eat them.
The image represents how advanced spear-phishing techniques use masking to evade spam and web content filters so that the message makes it through to the recipients' inboxes.
Robot Anglerfish is in "Swordfinia", reading the nametag, sign, and sunglasses from a swordfish he's approached. The robot is coming up with a believable story based on the input it received to trick the swordfish into following him.
This represents how generative AI (LLMs) has recently advanced and is being used to generate custom email templates that are tailored to their recipients and therefore more believable.
A sea snail that's known to eat mollusks is being carried into a "Pearl Emporium" by an unknowing employee. The shell is colorful and says "FREE" on it, in an attempt to get smuggled unknowingly into the jewelry shop with oysters.
HTML smuggling is a technique used by attackers to deliver malicious payloads, such as malware or malicious documents, to a target system without being detected by traditional security measures. This is typically accomplished by embedding the malicious code within a legitimate-looking HTML file, which can be delivered via various methods, such as email attachments or links. Once the HTML file is opened by the victim, it can execute scripts that download and install the malicious payload directly onto the victim’s device. Because the delivery method appears to be legitimate web content, it can bypass security controls that are designed to inspect and block malicious files.
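The two e-mail checks described above (display text that names a different host than the link's real destination, and script-assembled downloads typical of HTML smuggling) can be automated over a message body. The following is an added example, not code from the book or its website; the hostnames, the sample HTML and the placeholder base64 string are constructed for the example, and the marker list is a heuristic rather than a complete signature.

```python
"""Added example: flag two e-mail phishing indicators, (1) links whose visible
text names a different host than the real destination and (2) inline-script
patterns associated with HTML smuggling. Sample HTML and hosts are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _EmailHtml(HTMLParser):
    """Collect (href, visible text) for every <a> and the body of every <script>."""

    def __init__(self):
        super().__init__()
        self.links = []      # [href, text] pairs
        self.scripts = []    # inline script bodies
        self._in_a = self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append([attrs["href"], ""])
            self._in_a = True
        elif tag == "script":
            self.scripts.append("")
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_a and self.links:
            self.links[-1][1] += data
        if self._in_script and self.scripts:
            self.scripts[-1] += data


# A hostname-looking token inside link text, e.g. "login.example-mail.com".
_HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def registrable(host):
    """Rough registrable domain (last two labels); a real check would use the
    Public Suffix List so that suffixes such as "co.uk" are handled correctly."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def mismatched_links(html):
    """Return (host named in the text, host the href actually goes to) for every
    link whose displayed host belongs to a different registrable domain."""
    parser = _EmailHtml()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest = urlparse(href).hostname or ""      # hostname is already lowercased
        shown = _HOST_IN_TEXT.search(text)
        if dest and shown and registrable(shown.group(1)) != registrable(dest):
            findings.append((shown.group(1).lower(), dest))
    return findings


# JavaScript calls that appear when a file is assembled client-side instead of
# being fetched as a normal attachment; harmless on a web page, suspicious in mail.
_SMUGGLING_MARKERS = ("atob(", "new Blob(", "createObjectURL(", "msSaveOrOpenBlob")


def smuggling_indicators(html):
    """Return the set of smuggling-associated markers found in inline scripts,
    plus 'blob: href' if any link points at a blob: URL."""
    parser = _EmailHtml()
    parser.feed(html)
    hits = {m for body in parser.scripts for m in _SMUGGLING_MARKERS if m in body}
    if any(href.lower().startswith("blob:") for href, _ in parser.links):
        hits.add("blob: href")
    return hits


# Constructed sample: one deceptive link, one honest link, and a script carrying
# smuggling markers (the base64 string decodes to "PLACEHOLDER", not a payload).
SAMPLE_HTML = """
<p>Your mailbox is full. Visit
<a href="https://login.example-mail.com.evil.test/reset">https://login.example-mail.com</a>
or read the <a href="https://example-mail.com/help">example-mail.com help center</a>.</p>
<script>
  var data = atob("UExBQ0VIT0xERVI=");
  var blob = new Blob([data]);
  var url = URL.createObjectURL(blob);
</script>
"""

CLEAN_HTML = '<p>See the <a href="https://example-mail.com/help">example-mail.com help center</a>.</p>'

if __name__ == "__main__":
    print("mismatched links:", mismatched_links(SAMPLE_HTML))
    print("smuggling markers:", sorted(smuggling_indicators(SAMPLE_HTML)))
```

Running the script reports the deceptive link as `('login.example-mail.com', 'login.example-mail.com.evil.test')` while the honest help-center link is not flagged, and lists the three smuggling markers found in the script. Comparing registrable domains rather than full hostnames keeps `www.example-mail.com` in the text from being flagged against an `example-mail.com` destination.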
Penguins are having a formal (in tuxes) party. The server has a tray of beverages they're passing to their fellow penguins, but unbeknownst to them a sneaky polar bear is popping up from the water and placing something nefarious into one of the bottles.
This shows how users can be tricked, or their accounts abused, so that the trust their peers (other employees) place in them is leveraged to further phishing campaigns from real accounts.
A view from below the water showing a fishing boat that says "Browser Exploitation" on it. There's a hook with a hamburger on it with a bull shark circling.
This demonstrates JavaScript "Hooking" being carried out by a popular Open Source phishing kit called "BeEF" (AKA Browser Exploitation Framework). The logo for the tool is a bull, which is why a bull shark was used. The hamburger represents "beef" and is the bait for the "hook".
An Orca is working in a bait and tackle shop, selling different poles and lures.
This represents the phishing frameworks and toolkits the adversaries use in their arsenal to phish their targets. The frameworks typically support a variety of different techniques and features to allow them to "go phishing".
A hermit crab is on a beach trying on different shells. One of the shells is papier-mâché propped up with a stick, with a string attached that is held by a seagull.
The "landing" here is a beach, showing the platform used to host a familiar resource (the shell) which is not legitimate. The seagull is the antagonist waiting for the right time to "capture" the user.
A cleaner shrimp lounging comfortably in a folding chair reading the newspaper. The newspaper has a large hook in the back with a string going up off the book page. He's saying off to the side (while sipping his coffee), "Wow did you see the news yet?" to someone off-screen/page. The title of the paper is "The Daily Prawn" and the paper is big enough to read some of the paper headlines (not the article contents). A section of the paper is called "Art Corner" or "Today's Comic". Article headlines could be, "Bloom of Jellyfish Hijacks Sessions", "Update Passwords NOW!", "Visit Site Here", "New Policy", or "Response Required". On the desk or floor next to the shrimp is an opened envelope with a paperclip (attachment icon) on it.
This represents how malicious documents are used in phishing campaigns that hide in attachments, such as Word documents, spreadsheets, and PDFs. The paperclip on the envelope represents the "attachment" and the newspaper is the "document". The hook on the document shows it's unsafe.
A sea star is prying open a small shell that says "Reverse" on it. There are clearly other, larger shells that have been pried open (damaged) that were like Russian nesting dolls that held the other shells resting on the sea floor with debris all around. The next size up has "Details.zip" written on it and the biggest shell (an elaborate conch shell) has "Invoice.pdf" on it. The sea star has a confused look on its face saying, "What's a reverse shell?"
This demonstrates how malicious actors try to get malware past email security solutions by nesting attachments in layers. In this case, a PDF that was not itself malicious but was enticing (the fancy conch shell representing the invoice) contained an embedded ZIP (or a link to an archive), which in turn contained a reverse shell, giving the attacker direct access to the victim's device.
A car valet at a fancy establishment (with pillars looking like the lost city of Atlantis) is a walrus who's being tossed the keys to a nice convertible. The seal is the owner and is saying, "Take care of my baby!" while the walrus responds, "Oh, I will...", suggesting the walrus isn't to be trusted and will pull a Ferris Bueller's Day Off.
This demonstrates how a user can be tricked into giving their "consent" to a third-party to have access to their Single-Sign-On resources, by falsely believing the page they're giving their consent to is legitimate.
An octopus is holding an unconscious fish up against their own phone for facial recognition so the octopus can get access to the mobile device.
This demonstrates how, even with passkeys, a user can still be the victim of unauthorized access if an attacker obtains physical access to their device and can use their biometrics against them.
A pod of dolphins are entering an amusement park with a sign that has a QR code for tickets. Looking closely, there's been another QR code plastered over the legitimate one that is intended to direct paying customers to an untrusted location. The QR code actually takes the readers to the CybersecurityABCs website to read the glossary definition for QR Codes.
This demonstrates the threat of QR code phishing (or "quishing"), which is commonly used to defeat anti-phishing and spam filters. Physical QR code stickers are also used in the real world for this very type of attack.
A clownfish is pranking passing traffic by dressing up as a traffic guard and redirecting them to a different location. A crab can be seen pointing to the other location while the clownfish, wearing clown makeup, is pointing elsewhere. A bag can be seen that the fish owns that says, "Property of Clown College" on it.
This is the cover of the book as well and shows a shark who is pretending to be a taxi cab driver at the airport. They've drawn a sketch to look like their target (a fish), so the victim will go with the shark. In the back of the cab, you can see a spearfishing pole.
This shows how an adversary can take the time and set up a fake pretense to specifically target certain individuals or companies, getting the users to trust them.
A "transparent" jellyfish is working as a switchboard operator with headphones on. The switchboard has different labels above the various plugs, saying things like "Gurgle, Octa Push, MS 20K, and Finbook" to show popular identity providers. The caller is saying, "Please authenticate me with Gurgle" and the jellyfish is responding, "Your session is eyJ…".
This demonstrates how transparent "Machine-in-the-Middle" reverse proxies can be used by attackers to facilitate traffic to legitimate services on behalf of a victim to intercept and hijack sessions, even with Multi-Factor Authentication (MFA). The user has no clue they're on a fake site since the experience is seamless and the information being retrieved is real, expected content (like emails, etc). The proxy in the middle is collecting session tokens and other information.
A treasure chest sits deep on the ocean floor where a pirate Narwhal is using its tusk and a combination padlock to access the contents of the chest. Bioluminescent creatures and moss are seen glowing against a dark background.
This shows how Universal Two-Factor Authentication (U2F) has helped secure valuable resources by requiring the user to have "something they own" (the tusk) and "something they know" (the padlock combination). The Narwhal is a pirate, which shows they are the rightful user.
A royal lionfish with a cardboard crown is seen sitting up on a coral rock formation, similar to a lion. In the background is a faint silhouette of a kelp forest (King of the Jungle). A zebra seahorse (these are real!) is beside the coral rock and is receiving a letter with a wax seal (of a seal with fancy starred edges) that's broken from the king. The seahorse has a speech bubble saying, "New royalty you say? This seal looks broken. Is your crown authentic?"
This represents how malicious actors often impersonate or claim to be authoritative figures. The broken seal and fake crown are analogous to authenticity checks like DMARC, DKIM, and SPF, which can be used to validate a sender and their domain. The seahorse is right to question the sender of the message, just as you should check the sender name and domain when an email is received.
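The "broken seal" check can be made concrete. A receiving mail server records its SPF and DKIM findings in an Authentication-Results header; DMARC then asks whether at least one of those results passed for a domain that is aligned with the From: address the user sees. The following is an added example, not code from the book or its website; the domains, selector and both sample messages are constructed, and the organizational-domain shortcut (last two labels) stands in for a Public Suffix List lookup.

```python
"""Added example: judge whether a received message's From: domain is backed by an
aligned SPF or DKIM result, which is the core of a DMARC check. Input is the
message's own headers, including the Authentication-Results header written by
the receiving mail server. Sample messages and domains are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr


def parse_auth_results(header):
    """Return {"spf": [(result, domain), ...], "dkim": [...]} from an
    Authentication-Results header (RFC 8601 layout)."""
    results = {"spf": [], "dkim": []}
    for clause in header.split(";")[1:]:        # segment 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause, re.I)
        if not m:
            continue
        method, result = m.group(1).lower(), m.group(2).lower()
        # SPF reports smtp.mailfrom (an address or a domain); DKIM reports header.d
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", clause, re.I)
        domain = prop.group(1).lower().rsplit("@", 1)[-1] if prop else ""
        results[method].append((result, domain))
    return results


def org_domain(host):
    """Approximate organizational domain (last two labels); production code
    should consult the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ("s") needs an exact match,
    relaxed ("r") only needs the same organizational domain."""
    if not auth_domain or not from_domain:
        return False
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(raw_message, aspf="r", adkim="r"):
    """DMARC passes when SPF or DKIM both passed and is aligned with the
    RFC5322.From domain, the one the user actually sees."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_ok = any(r == "pass" and aligned(d, from_domain, aspf) for r, d in auth["spf"])
    dkim_ok = any(r == "pass" and aligned(d, from_domain, adkim) for r, d in auth["dkim"])
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


# Constructed sample 1: genuine mail, DKIM-signed by the From: domain.
GENUINE = "\n".join([
    "From: Royal Court <court@example-mail.com>",
    "Authentication-Results: mx.receiver.test; spf=pass smtp.mailfrom=bounce.example-mail.com;"
    " dkim=pass header.d=example-mail.com header.s=sel1",
    "Subject: New policy",
    "",
    "Please review.",
])

# Constructed sample 2: the "fake crown". SPF passes, but for the sender's own
# domain, so it is not aligned with the impersonated From: address.
SPOOFED = "\n".join([
    'From: "King Lionfish" <king@example-mail.com>',
    "Authentication-Results: mx.receiver.test; spf=pass smtp.mailfrom=mailer.evil.test; dkim=none",
    "Subject: New royalty",
    "",
    "Bow to your new king.",
])

if __name__ == "__main__":
    print(dmarc_verdict(GENUINE))
    print(dmarc_verdict(SPOOFED))
```

The spoofed message is the instructive case: SPF itself says "pass", because the sending server really is authorized for `mailer.evil.test`, yet DMARC fails because that domain has nothing to do with the `example-mail.com` shown in From:. Passing `aspf="s"` shows why many senders sign with DKIM: the bounce subdomain used for SPF no longer aligns under strict mode, but the DKIM signature from the exact From: domain still carries the verdict.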
An executive (blue whale) at a company is sitting at their desk, wearing a suit and tie. The desk reads, "Chief Oceanic Officer" (COO) and is seen taking a phone call from the "Help Desk", giving his password over to the attackers.
This demonstrates how attackers will specifically target executive leadership and privileged users in an attempt to leverage their authority for a bigger reward.
A sleeping saltwater crocodile is supposed to be guarding an aquarium with a clever squid in it. The squid has painted a fake squid on the glass, overlaying the background to make it look like they're still present, but clearly intends to escape through a hole cut in the aquarium wall.
This demonstrates an attack called "clickjacking", which uses iframes and CSS/JavaScript to overlay fake, invisible content on top of a legitimate page that is rendered inside a malicious third-party site. The fake image on the glass is similar to invisible input fields placed strategically on top of elements within the iframe.
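The defence against clickjacking is for the legitimate site to tell browsers who may frame it, through the Content-Security-Policy `frame-ancestors` directive (which browsers apply in preference to the older X-Frame-Options header when both are present). The following is an added example, not code from the book or its website, that evaluates a response's headers the way a browser would and places a weak configuration beside a hardened one; the origins and header sets are constructed.

```python
"""Added example: decide from HTTP response headers whether a page may be
rendered inside another site's iframe, which is what a clickjacking page needs.
CSP frame-ancestors takes precedence over X-Frame-Options when both are present.
Origins and header sets below are constructed."""
from urllib.parse import urlparse


def _frame_ancestors(csp):
    """Return the frame-ancestors source list (quotes stripped, lowercased),
    or None when the policy has no such directive."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def _host_source_matches(source, embedder_origin):
    """Match a CSP host-source such as https://*.partner.test against an origin."""
    parsed = urlparse(embedder_origin)
    host = parsed.hostname or ""
    if "://" in source:
        scheme, _, src = source.partition("://")
        if scheme != parsed.scheme:
            return False
    elif source.endswith(":"):                 # scheme-source, e.g. "https:"
        return parsed.scheme == source[:-1]
    else:
        src = source
    src = src.rstrip("/")
    if src == "*":
        return True
    if src.startswith("*."):                   # wildcard matches subdomains only
        return host.endswith(src[1:]) and host != src[2:]
    return host == src


def framing_policy(headers):
    """Return ("deny" | "same-origin" | "allow-list" | "unrestricted", sources)."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:                    # CSP wins over X-Frame-Options
        if not sources or sources == ["none"]:
            return "deny", []
        if sources == ["self"]:
            return "same-origin", []
        return "allow-list", sources
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny", []
    if xfo == "SAMEORIGIN":
        return "same-origin", []
    # No header, or the obsolete ALLOW-FROM value that current browsers ignore.
    return "unrestricted", []


def can_be_framed_by(headers, page_origin, embedder_origin):
    """True when embedder_origin is allowed to put the page in an iframe."""
    kind, sources = framing_policy(headers)
    same_origin = page_origin.lower() == embedder_origin.lower()
    if kind == "deny":
        return False
    if kind == "same-origin":
        return same_origin
    if kind == "unrestricted":
        return True
    return any(
        (s == "self" and same_origin) or (s != "none" and _host_source_matches(s, embedder_origin))
        for s in sources
    )


# Constructed header sets: the weak settings beside the hardened ones.
NO_HEADERS = {}
OBSOLETE = {"X-Frame-Options": "ALLOW-FROM https://partner.test"}
HARDENED = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
            "X-Frame-Options": "DENY"}
PARTNER_ONLY = {"Content-Security-Policy": "frame-ancestors 'self' https://*.partner.test"}
PAGE = "https://aquarium.test"

if __name__ == "__main__":
    for name, hdrs in [("none", NO_HEADERS), ("obsolete", OBSOLETE),
                       ("hardened", HARDENED), ("partner", PARTNER_ONLY)]:
        print(name, framing_policy(hdrs), can_be_framed_by(hdrs, PAGE, "https://attacker.test"))
```

Sending both headers, as `HARDENED` does, covers browsers that understand only one of them. The `PARTNER_ONLY` policy shows the allow-list form: the page may be embedded by itself and by subdomains of the partner (over HTTPS only), but not by the partner's bare domain, since the `*.` wildcard does not match the apex.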
An eel salesperson has set up a fake car dealership which is clearly a two-dimensional prop, in order to fool an innocent sea horse into believing they've won something. Confetti is seen coming down from buoys in the water with a sign saying, "Congratulations!". The eel is saying, "Just sign here".
This demonstrates how techniques like these are used by attackers to give victims an incentive to click on links or give out information. Exciting, urgent, or threatening emails are often used for this purpose.
A play on Little Red Riding Hood: a spotted damselfish is strolling through the "woods" with a tiny red cape and a basket, but the woods are actually the tentacles of a carnivorous sea anemone. The fish is singing, "Over the ocean and through the wood..." with a nervous look on its face. The tentacles behind and over the fish are ominously starting to curl inward.
This demonstrates how just simply being in the wrong place at the wrong time could result in a user falling victim to a Zero-Click Phishing attack. The victim doesn't need to take any action or interact with the message in order to become compromised.