1. A form of criminal activity using social engineering techniques through email or instant messaging. Phishers attempt to fraudulently acquire other people’s personal information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. (, accessed 15 Nov 2010).

Source: Terms & Definitions of Interest for DoD Counterintelligence Professionals, Office of the National Counterintelligence,

2. Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.

Source: The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs,

3. The attempt to trick email users into entering sensitive or private information through the use of an email that appears to come from a trusted source.

Source: Guide to Cybersecurity as Risk Management: The Role of Elected Officials, Governing Institute, CGI,

4. A phishing attack is when an attacker sends out a deceptive email with the goal of getting users to enter their login credentials into a fraudulent site or to infect the target’s device with malware. Because it’s relatively easy to create sites which are convincing on first glance to people who are busy or distracted, this is a relatively low-cost attack with a high probability of success. A spear-phishing attack is a phishing attack targeting a particular person. In a spear-phishing attack, the attacker researches the target and tries to personalize the phishing email to be very compelling. A simple way to combat phishing attacks is by using multi-factor authentication.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology,

5. The use of social engineering methods to manipulate unsuspecting people to take an action on behalf of the exploiter, commonly this action is to share login credentials.

Source: Security of Election Announcements, 2018-2019 San Mateo County Civil Grand Jury,

6. A technique for attempting to acquire sensitive data through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate, reputable, or known-to-the-user person or business.

Source: U.S. Cyberspace Solarium Commission, March 2020,

7. The practice of attempting to acquire authentication credentials or other personal information by posing as a trustworthy or legitimate entity.

Source: Independent Panel on Internet Voting, British Columbia,