CHECKLINK AI

Security Glossary

Clear definitions for the link risk and trust signals you see around CheckLink.

Attack surface

The set of links, domains, channels, and workflows that attackers could abuse or imitate.

BEC

Short for Business Email Compromise.

Blacklist

A list of known risky domains, URLs, senders, or indicators.

Brand impersonation

Pretending to represent a known brand online.

Business Email Compromise

A scam where an attacker impersonates a trusted business contact to trigger money movement, credential sharing, or process changes.

Campaign link

A URL used in email, SMS, QR, ad, social, affiliate, or other campaigns.

Customer-facing link

A URL sent to customers or public audiences.

Disposable email

A temporary email address used for short-term communication.

DKIM

DomainKeys Identified Mail, an email authentication method that signs messages with a domain key.

DMARC

Domain-based Message Authentication, Reporting, and Conformance, an email policy signal built on SPF and DKIM alignment.

Domain impersonation

Using a domain that appears related to a brand without being official.

Domain spoofing

Making a domain or sender identity appear to belong to someone else.

Dynamic QR code

A QR code whose destination can be changed after the code is created.

Email authentication

DNS-based signals that help receivers evaluate whether mail is authorized for a domain.

Email header

Technical metadata attached to an email message.

Explainability

The ability to understand why a tool produced a signal or result.

False negative

A risky or malicious link that is not flagged.

False positive

A safe or acceptable link that is flagged as risky.

Feature engineering

Turning raw details into useful signals for review or scoring.

Free webmail risk

A caution signal when a business-looking request uses a free mailbox unexpectedly.

Gift card scam

A request to buy gift cards and send codes to someone pretending to be trusted.

Homoglyph

A character that looks similar to another character.

HTTPS

An encrypted connection between a browser and a website.

Human-in-the-loop

A workflow where a person reviews or interprets automated signals.

Lookalike domain

A domain designed to resemble another brand, product, or official website.

Malware link

A URL that leads to a malicious download, exploit, or installation prompt.

Manual review

Human review of a link, report, or listing context.

Message-ID

A unique identifier header usually generated by the sending mail system.

Official link

A URL a business recognizes as one of its real customer-facing destinations.

Official Links page

A public page that lists a business's reviewed customer-facing destinations.

Payroll diversion

A scam that tries to redirect salary or payroll deposits to an attacker-controlled account.

Phishing

A deceptive attempt to steal information or money by pretending to be a trusted person or service.

Punycode

An encoded form used for internationalized domain names.

QR phishing

Using QR codes to hide phishing links.

QR shortener

A shortened or tracking URL used behind a QR code.

Quick report

A printable summary generated from automated scanner results.

Quishing

QR phishing that uses a QR code to send people to a risky destination.

Redirect chain

A sequence of one or more redirects between the first URL and the final destination.

Reply-To

The email header that tells mail clients where replies should be sent.

Reputation signal

Context about whether a URL, domain, or sender is known or trusted elsewhere.

Return-Path

The email address used for bounce handling and delivery feedback.

Risk score

A numeric estimate based on available signals.

Security signal

A single clue that helps estimate risk.

Smishing

Phishing delivered through SMS or text messages.

Social engineering

Manipulating people into taking an action through pressure, trust, or deception.

SPF

Sender Policy Framework, an email authentication signal that checks whether a sending server is authorized for a domain.

SSL certificate

A certificate used to support encrypted HTTPS connections.

Suspicious link

A URL that has signals or context that make it worth checking before clicking.

Trust page

A public page that explains listing, ownership, or link context for a product or business.

Trust signal

A clue that helps users judge whether a link, site, or listing deserves more confidence.

Typosquatting

Registering domains that look like misspellings of real brands.

URL redirect

A server instruction that sends a browser from one URL to another.

URL shortener

A service that turns a long URL into a shorter redirecting URL.

User reporting loop

A process for collecting, reviewing, and acting on suspicious link reports from users or customers.

Vishing

Voice-based phishing or scam calls.

Wire transfer scam

A request that pressures a person or business to send funds to an attacker-controlled destination.