The Top Cybersecurity Terms You Need to Know

Here’s a list of common terms to make it easier for you to comprehend the reports or articles you come across and give you the opportunity to react quickly to threats.

Cyber Threats and Attacks

Malware is a broad term referring to malicious software that, once installed on your device, could enable hackers to gain access to it. Once that happens, cybercriminals may be able to control your device, steal your identity and commit fraud. Here are several examples of malware:

• Ransomware prevents you from accessing devices, computer networks, systems or files—essentially holding them hostage. To regain control, cyberthieves will demand payment from you, usually in the form of cryptocurrency.
  
  
• Spyware allows cybercriminals to track and record all your online activities, as well as capture sensitive information, such as passwords. Hackers can sell your tracking information to third parties interested in learning more about your online activities or interests.
  
  
• Keylogger is spyware that quietly records all of your strokes on a computer or mobile keyboard. While keyloggers can be used for legitimate reasons, cybercriminals can use this technology to steal your login credentials and other sensitive information.
  
  
• A Trojan (like the Trojan Horse for which it is named) is a sneaky form of malware that appears to be a legitimate application or file (like a game, antivirus software or banking app). But, after you install it on your device, it can seize control, stealing your data, disrupting your network and taking other harmful actions.

Social Engineering is a deceptive tactic that uses social interactions—and often psychological manipulation—to obtain your personal information or gain access to your accounts. The fraudster behind a social engineering scam may pretend to be a representative of a legitimate organization. Two common examples, include:

• Phishing is a scheme that typically relies on emails (but can also occur via phone or text) to trick you into providing sensitive information or downloading malware onto your device through clicking on a link or downloading an attachment. Spear phishing is a type of phishing that involves prior research and targets a specific individual or organization with messages that are carefully crafted to appear authentic, making them difficult to detect.
  
  
• Spoofing and phishing often go hand in hand. With a spoofed phone call, the incoming number on your caller ID may falsely display the number of a well-known company or government agency.  A spoofed email will forge the sender address or email header of a reputable entity to fool victims.

Clickjacking: With this attack, a cybercriminal creates an invisible interface layer that’s placed over a legitimate site. If you click on a link on the site and enter your personal information, your data is secretly hijacked by the hacker and the authentic site never receives your information.

Zero-day refers to vulnerabilities in security networks that hackers have discovered and can exploit to attack systems. A “zero-day attack” occurs when bad actors have already taken advantage of the security weakness before it can be fixed.

Bot: A software program that automatically performs simple, repetitive tasks that usually imitate human user behavior. While many bots are harmless, some are programmed to carry out malicious activities, such as hacking your accounts or sending spam.

Learn More

Again, knowledge plays an important role in the ongoing battle against cyberthreats.  We encourage you to take advantage of the educational resources available through our Security Center for more insights about cyber schemes, emerging threats and preventative measures.