Glossary

 Commonly Used Phrases and Terms Associated with Cybercrime.

A

• Account Takeover (ATO): Unauthorized access to a user's online account (e.g., email, social media, bank account) by a malicious actor.

• Advanced Fee Scam (419 Scam): A con where victims are promised a large sum of money in return for a smaller upfront payment, which the scammers then steal.

• Adware: Software that displays unwanted advertisements on a user's computer or mobile device.

B

• Baiting: A social engineering attack where malicious actors use physical media (like USB drives) or enticing online offers to lure victims into compromising their security.

• Banking Trojan: Malware designed to steal login credentials and financial information from online banking sessions.

• Botnet: A network of compromised computers or devices (bots) controlled remotely by a single attacker (bot herder) to perform malicious tasks.

• Brute-Force Attack: An attempt to guess passwords or encryption keys by systematically trying all possible combinations.

• Business Email Compromise (BEC): A sophisticated scam targeting businesses, often involving impersonating executives to trick employees into transferring funds or revealing sensitive information.

C

• Carding: The trafficking and use of stolen credit or debit card information.

• Catfishing: Creating a fake online identity to deceive someone, often for financial gain or emotional manipulation.

• Clickjacking: A malicious technique where users are tricked into clicking on a hidden link or button, often leading to malware installation or unintended actions.

• Credential Stuffing: An automated attack that uses stolen usernames and passwords from data breaches to try and log into other online accounts.

• Cyberbullying: Harassment or bullying that takes place online.

• Cyberstalking: Using electronic communication to harass or intimidate someone, often involving threats.

D

• Data Breach: A security incident where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.  

• 
  

• Denial-of-Service (DoS) Attack: An attempt to make an online service unavailable by overwhelming it with traffic from a single source. A Distributed Denial-of-Service (DDoS) attack uses multiple compromised systems.  

• 
  

• Deepfake: Synthesized media (videos, audio, images) that realistically depicts someone saying or doing something they never did.

E

• Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability in a computer system or software application to cause unintended or unanticipated behavior.

F

• Fake Invoice Scam: Scammers send fake invoices that look legitimate to trick businesses or individuals into paying for goods or services they didn't order.

• Fraudulent Wire Transfer: Tricking individuals or businesses into sending money to fraudulent accounts.

G

• Grandparent Scam: A phone scam where fraudsters impersonate a grandchild in distress and urgently request money.

H

• Hacking: Unauthorized access to or control over computer network security systems for an illicit purpose.

• Hoax: A false warning or story circulated online, often designed to cause fear or encourage users to take unnecessary actions.

I

• Identity Theft: The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.  

• 
  

• Impersonation Scam: Scammers pretending to be someone they are not (e.g., government official, customer support, romantic interest) to deceive victims.

• Insider Threat: A security risk that originates from within the organization, such as a current or former employee.

K

• Keylogging: The act of recording the keys struck on a keyboard, often done secretly to capture passwords and other sensitive information.

L

• Logic Bomb: A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.  

• 
  

• Love Scam (Romance Scam): A con where someone creates a fake online identity to build a romantic relationship with a victim and then asks for money.

M

• Malware: Malicious software designed to damage or disable computers and computer systems. This includes viruses, worms, Trojans, ransomware, spyware, and adware.

• Man-in-the-Middle (MITM) Attack: An attack where a malicious actor intercepts communication between two parties without their knowledge.

P

• Password Cracking: Techniques used to recover passwords from data that has been stored in or transmitted by a computer system.

• Pharming: A type of online fraud where malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.  

• 
  

• Phishing: A type of social engineering attack where criminals send fraudulent emails, text messages, or other communications to trick victims into revealing sensitive information (e.g., passwords, credit card numbers). Spear Phishing is a targeted form of phishing aimed at specific individuals or groups.

• Pig Butchering Scam: A sophisticated and prolonged scam where fraudsters build trust and even a romantic relationship with victims online before convincing them to invest in fake cryptocurrency schemes.

• Pretexting: A social engineering attack where an attacker creates a believable scenario (pretext) to trick a victim into divulging information or granting access.

• Puppet Account: A fake social media profile used for malicious purposes, such as spreading scams or harassment.

R

• Ransomware: A type of malware that encrypts a victim's files and demands a ransom payment to restore access.

• Remote Access Scam: Scammers trick victims into granting them remote access to their computers, often under the guise of providing technical support, and then steal sensitive information or install malware.

• Rootkit: A type of malware designed to conceal the existence of certain processes or programs from normal methods of detection, enabling continued malicious access to a computer system.

S

• Scareware: Malware that tricks users into believing their computer is infected with viruses and often pressures them to pay for fake software to remove the non-existent threats.

• SIM Swapping: A scam where fraudsters trick mobile carriers into transferring a victim's phone number to a SIM card they control, allowing them to intercept calls, texts, and two-factor authentication codes.

• Smishing: Phishing attacks conducted via SMS (text messages).

• Social Engineering: The art of manipulating people so they give up confidential information.

• Spyware: Malware that secretly monitors a user's computer activity without their knowledge and often transmits this information to a remote attacker.

• SQL Injection: A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.  

• 
  

• Supply Chain Attack: Targeting vulnerabilities in a company's supply chain (e.g., software vendors) to gain access to the main target.

T

• Tech Support Scam: Scammers impersonate technical support representatives to trick victims into paying for unnecessary services or granting remote access to their computers.

• Trojan Horse (Trojan): A type of malware that disguises itself as a legitimate program to trick users into installing it, often leading to data theft or system compromise.

V

• Virus: A type of malware that attaches itself to a host program and spreads when the program is executed.

• Vishing: Phishing attacks conducted over the phone (voice phishing).

W

• Worm: A self-replicating type of malware that can spread across networks without needing to attach to a host program.