Key Terms & Definitions

SMiShing, slamming and cramming, oh my! We know that these terms and information can be confusing, so we’ve compiled a list of common scams you may encounter.

Commonly Used Terms

Phishing

Phishing is a common trick scammers use to "fish" your information using fake emails and websites. The sites ask consumers to enter financial or personal information.

SMiShing

This is the text messaging (also known as SMS messaging) equivalent to phishing, using text messages to deliver fake website links to your phone.

Slamming and Cramming

Scammers call and misrepresent themselves and then start asking for account information. They will take that to make unauthorized changes to your phone service.

International Area Code Scam

In this scam, a message tells you to call a phone number with an 809, 284 or 876 area code. The area code is actually for a number outside the United States, often in Canada or the Caribbean, which charges the customer for placing the call.

Email Viruses, Worms and Malware

Viruses, worms and malware are computer programs that can be destructive to computers. Bad guys can hide these things in email attachments or web links, activating as soon as the customer opens the file.

Know the Terms

This glossary defines common terms used in fraud and cybersecurity:

APT (Advanced Persistent Threat): A targeted attack that penetrates a network without detection and maintains access for a period of time, all while monitoring information or stealing resources. APTs may continue for years.

Authentication: The process of confirming the identity of a user, most often with a username and password.

Black Hat Hackers: An individual with extensive computer skills used to breach security of companies for malicious purposes.

Botnet: A large number of compromised computers unknowingly used to create and send spam or viruses, or flood a network with messages such as in a distributed denial of service (DDoS) attack.

Botnet Management: Command and control tools that allow hacker groups to manage huge numbers of compromised systems.

BYOD (Bring Your Own Device): Bring-your-own-device is a business practice of permitting employees to use their own devices – computers, smartphone and tablets – for work.

Dark Web: The area of the internet that is hidden from search engines, accessible only via a special web browser. This is the marketplace for illicit items or services.

Data Mining: A technique used to analyze existing data for enhanced value.

DDoS (Distributed Denial of Service): A type of attack that makes an online service unavailable by overwhelming it with traffic from multiple compromised systems.

Defense In-Depth: The approach of using multiple layers of security to maintain protection after failure of a single security component.

Doxing, Doxxing: Broadcasting personal information about a person or group, usually done by hacktivists. The term comes from “dropping dox,” using the slang term for .DOCX, the file extension used by Microsoft Word.

Encryption: Translating data into unreadable code to keep that data private. See Public Key Encryption for more information.

Exfiltrated Data: Illegal transfer of an organization’s data as the result of a cyberbreach.

Firewall: A hardware or software system that blocks unauthorized traffic from entering/leaving a network.

Forensics: Collects, analyzes and reports on data to use in the detection and prevention of a breach.

Grey Hat Hackers: Ethically between black hat and white hat hackers, grey hats exploit system vulnerabilities, which is technically illegal. They tend not to leverage these hacks as a criminal, but sometimes offer to close the security gap for a fee.

Hacktivist: Hacker or group that breaches systems for political, rather than monetary, gain.

IoT (Internet of Things): Connection of everyday objects with embedded electronics, from smartwatches to pet collars to cars, with each other across modern networks.

Keystroke Logger, Keylogger: Surveillance software that records every keystroke, including usernames and passwords.

Machine Learning: An area of artificial intelligence that focuses on computer programs teaching themselves to uncover ever-more complex cyberthreats.

Machine-to-machine (M2M): Any direct interaction over any network of electronically enabled devices, with no human involvement in the communications loop.

Malware: A generic term for a number of different types of malicious software. It may be delivered via a virus, an email, or a compromised webpage.

Man-in-the-middle: An attacker who secretly intercepts and possibly modifies messages between two parties.

Multifactor Authentication (MFA): A method of verifying a user’s identify that relies on more than one set of security credentials.

Packet: A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data.

Phishing: Social engineering through emails using known information about the target to acquire other data such as user names, passwords, or financial information.

Penetration (Pen) Test: An in-depth test to identify and patch vulnerabilities in an organization’s networks and IT.

Public Key: The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public Key Encryption: Encryption system that uses two mathematical “keys.” One, the public key, is known to everyone and used to encrypt a message. The second, the private key, is known only to the recipient and used to decrypt a message.

Ransomware: A type of malware that restricts access to data and demands that a payment be made to the attacker to restore access.

Rogue Wi-Fi hotspot: An unsecure Wi-Fi network that is often created by bad actors to steal or compromise sensitive data. These networks are easily avoided by using VPNs.

Social Engineering: The old con game of convincing someone they are someone you can trust or believe, to gain your confidence. Then, the con artist gets information from you they can use to scam you or someone else.

Spear Phishing: An email scam that uses social engineering to steal information or install malicious software on a system.

Two-Factor Authentication: A method used to improve security by requiring two separate items for access to a resource, e.g., a password, an access card, fingerprint, etc.

Trojan, Trojan Horse: Malware that appears to be a benign, useful application to encourage users to run the program, which installs a destructive payload.

White Hat Hackers: Computer security experts who penetrate networks to warn companies of gaps that a malicious attacker could exploit. They are often employed by the companies themselves to test the durability of their systems.

Zero-day Attack, Zero-day Exploit: A new type of cyberattack that hasn’t been seen before.