In the constantly evolving digital world, new terms to describe cyber activities and cybercrime techniques are emerging every day.
We’ve pulled together a short glossary of useful general terms which you may come across when talking about cyber activity and cybercrime. These are general terms to describe activities and may not necessarily reflect NFU Mutual policy definitions. For definitions relating to your Personal Cyber cover, please refer to your policy wording.
A form of identity theft where a fraudster illegally uses bots (autonomous programs) to get access to a victim's bank, e-commerce site, or other types of accounts. A successful account takeover attack leads to fraudulent transactions and unauthorised shopping from the victim's compromised account.
An attempt by hackers to infiltrate a computer network or system, usually for their own financial gain. A successful attack can result in the hacker stealing information from the network or even holding it to ransom.
Websites that exist on an encrypted network and cannot be accessed using traditional web browsers. The Dark Web is not indexed by regular search engines. If a business suffers a data breach, your stolen confidential information may end up for sale on the Dark Web. Malicious actors can also purchase the tools to carry out their own ransomware attacks here.
A hacker is an expert at programming and solving problems with a computer or at gaining access to information on a computer. Not all hackers are malicious.
The deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and often to the other person's disadvantage or loss. Below are some examples of how this can occur:
- Stolen wallet.
- A criminal collates various pieces of personal data from online sources, e.g. social media.
- Data breaches – many companies that store the personal information of customers/patients are targeted by hackers who attack their IT systems and steal the sensitive personal information.
- Confidential waste is not destroyed properly, and a criminal obtains this financial information.
- Phishing email – a customer clicks on an unsecure link which looks genuine but is in fact from a criminal, and is then prompted to enter personal information.
Online Retail Fraud
A type of fraud or deception which makes use of the Internet and could involve hiding information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Goods or services are offered at cheap prices but are never shipped or provided. The payments are, of course, kept.
Malware is the collective name for a number of malicious software variants, including viruses, ransomware and spyware. Malware typically consists of code developed by cyber attackers / hackers, designed to cause extensive damage to data and systems or to gain unauthorised access to a network. The user is fooled into running infected software or an infected operating system for the malware to spread.
The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
The fraudulent practice of sending emails purporting to be from reputable companies in order to persuade or fool individuals to reveal personal information, such as passwords and credit card numbers. Some phishing scams can target organisational data in order to support espionage efforts or state-backed spying on opposition groups.
A type of malicious software designed to block access to a computer system until a sum of money is paid. It works by encrypting user data until the correct decryption key has been entered. It is usually downloaded unwittingly by clicking on an email link or a deceptive web link.
In the context of cybercrime, social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Smart Devices and Wearables: electronic devices and appliances connected to the internet such as a smart TV or speaker, mobile telephone, home security camera, baby / dog monitors, Alexa, Google home hub or smart watch.
A nice way of saying that someone or something has maliciously broken into your computer system without your knowledge or permission. It means that you can't trust the integrity of any file (program, document, spreadsheet, image, etc.) on your computer. Cardholder data compromise occurs when a merchant’s payment system is accessed maliciously, and cardholder account information is stolen.
Spyware is a form of malware that hides on your computer system, monitors your activity and steals personal information.
Two-factor authentication (2FA)
An authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism, i.e. not just a single password to log on. One commonly used method is the card reader used with online banking or a verification code sent via text.
A vulnerability is a flaw or weakness in a computer system that leaves it susceptible to an attack from a malicious actor. You can minimise your exposure to known vulnerabilities by regularly updating your computer systems with the latest security updates. This will not work in the event of a zero-day exploit, however.
An attack on your computer system that exploits a vulnerability before developers have released a security update allowing the vulnerability to be patched. In other words, the bad guys exploit the vulnerability before the good guys have had a chance to fix it.
For further terms and definitions, you may wish to visit the National Cyber Security Centre glossary.