BEC:  Business email compromise (BEC) is a form of phishing where a criminal attempts to get a worker, customer or vendor to send money or disclose private information by sending a phony email that appears to be coming from a trusted company figure.

Botnet:  (Robot Network):   A group of 2 or more computers controlled and updated remotely, often by a single user to send out spam messages, often including malware.  Most often they are associated with a “denial of service”. This is a newer crime just added to IC3 Reporting in 2022.

Clickjacking:  When a website has been compromised by concealing hyperlinks beneath legitimate clickable content that contains content or malware the user is unaware of.   A user believes they are clicking on one thing but in actuality, they are clicking on another hidden element.

Deepfake: A false simulation of a specific individual’s likeness, which can be either an image, video, or audio presentation, generated with the use of technology and capable of being used for a variety of purposes, including ones derived from malicious intentions.

Malware: A broad term used to describe any type of malicious, invasive software.

Pharming:A type of cyberattack involving the redirection of web traffic from a legitimate site to a fake site for the purpose of stealing usernames, passwords, financial data, and other personal information.

Phishing:  The practice of sending emails or other messages purporting to be from reputable companies or people in order to induce individuals to reveal personal information, such as login credentials and other sensitive information.

Quishing:  Also known as QR code phishing, this type of phishing attack uses QR codes to lure victims into revealing sensitive information. Threat actors create a QR code that looks legitimate, such as one that appears to offer a discount or special offer, but in fact, it directs the victim to a fake website controlled by the attacker.

Ransomware: Malicious programs which block access to a computer or the computer’s data with the intent of extorting money in exchange for a release of the computer or its data.

Sandboxing:  Using a safe environment to run, observe or analyze code.  Often used in an isolated environment the mimics the end-user experience.  It is used to test suspicious programs that may contain viruses or other malware without allowing the software to harm a network.

Scareware: Malware that is typically used to scare users into taking an action with their electronics which tricks the user into opening a vulnerability; for example, scareware can take the form of a pop-up that falsely warns a user that (s)he has been infected with a virus so that when the user clicks the “X” to close the box, (s)he actually first incurs the infection of the virus that (s)he had been afraid of contracting.

SIM Swap:  Using SIM technology to transfer a victim’s phone service to a mobile device in a criminal’s possession.  This is a newer crime just added to the IC3 Reporting in 2022.

Smishing:  This type of phishing uses mobile phones as the attack platform. With smishing, the attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.

Sniffing:  The process of monitoring and capturing all data passing through a network.  It is in essence the unauthorized listening in on network traffic to capture all the data flowing to and from a computer or network.

Social Engineering: A broad term used to describe different types of efforts using human psychology to exploit a person’s vulnerability, rather than employing technology alone, in order to hack into another’s computer, software or data.

Spear Phishing:  This is a more advanced form of phishing. This type of phishing is a specific and targeted attack on a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

Spoofing:An act of disguising a communication from an unknown source as being from a known, trusted source by email, phone calls, websites or computer spoofing an IP address.

Stealthing: Approaches used by malicious code to conceal its presence on an infected system.

Vishing:  Also known as voice phishing, this type of phishing attack is conducted entirely over the phone. The attacker will call a victim and manipulate them into divulging sensitive information such as login credentials, pin numbers or credit card numbers, typically with the goal of accessing financial accounts.

Whaling: A highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

Back to Industry News Blog