Terms to Know




Adware is software that displays advertisements on a device, redirects the user’s search requests and collects marketing data about the user. Adware may collect data with or without the user’s consent. If the adware does not notify the user that it is gathering data and obtain permission, it is considered malicious.

Affinity Fraud

Affinity Fraud refers to investment scams that prey upon members of groups and organizations, such as religious or ethnic communities, the elderly or professional groups. The fraudsters who promote affinity scams frequently are – or pretend to be – members of the group. These scams exploit the trust and friendship that exist in groups of people who have something in common. 


An anonymizer attempts to make Internet activity untraceable. It hides the client computer’s identifying information by inserting a proxy server computer between the client computer and the rest of the Internet.

Anti-Virus Software

Anti-Virus Software detects, prevents, and removes viruses, worms, and other malware from a device. Anti-virus programs typically include an auto-update feature so that updated profiles of new threats can be downloaded, enabling the system to identify new threats. One anti-virus program might find a certain virus or worm while another cannot, or vice-versa.


Authentication is the process that ensures and confirms a user’s identity. It may require a username and password, or biometrics (such as a fingerprint). Two-factor authentication requires a combination of two different factors: 1) something the user knows (e.g., password), 2) something the user has (e.g., ATM card), or 3) something the user is (e.g., fingerprint).



A backdoor allows a user or a hacker to bypass a system’s security mechanisms to access a computer or its data.

Behavioral biometrics

Behavioral biometrics relate to your personal habits and unique movements. Examples of behavioral biometrics include signature dynamics (how you sign), the unique patterns of your voice, your keyboard typing patterns, your gait and your gestures.


BitTorrent is a protocol that makes downloading large files faster on peer-to-peer (P2P) file-sharing networks.  Downloading a large file from one source can be very slow, so the BitTorrent system will locate multiple computers with the same file and download it in parts from several computers at once.


A bot is malware that allows an attacker to take control of an infected computer. Bots are usually part of a network of infected machines, called a “botnet.” Botnets might involve a few thousand computers, but others consist of tens or even hundreds of thousands of infected devices. If your computer is part of a botnet, it might slow down, display mysterious messages, or even crash.


Just as users connect to the internet, so, too, do bots. The term “botnet” is a contraction of the term “robot network” and describes a phenomenon whereby a network of computers is infected by malware. This allows an attacker to command a series of attacks from coordinated access points to carry out email spam, DDoS attacks and targeted intrusions.


Brushing is a technique sometimes used to boost an online seller’s ratings by creating fake orders and reviews. The scammer creates fake accounts and has products sent to real people. The scammer then leaves reviews using the names on the fake customer accounts to artificially boost their products.

Brute force attack

A brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force). The hacker uses millions of user ID and password combinations in an attempt to find one that works.

BYOD (Bring Your Own Device)

BYOD (Bring Your Own Device) refers to the trend of employees using their own devices (e.g., smartphones, laptops, tablets, etc.) in the course of doing their jobs.



Catfishing is a term for a person who pretends to be someone else online. A catfish uses fake photos, and sometimes a false persona, to find friends or romantic partners on the internet. The term comes from a 2010 documentary in which the filmmaker presented his own experience of being tricked online. He then created an MTV show that investigates catfishing cases.

Charge Off

A Charge Off is a debt that the lender has determined is unlikely to be repaid by the borrower. This does not, however, mean that the borrower does not have to repay the debt.

Chief Information Officer

The Chief Information Officer (CIO) oversees the people, processes and technologies within a company’s IT organization to ensure they deliver outcomes that support the goals of the business.


Individuals under the age of 13 constitute a unique class in data privacy regulations. With the passage of the Children’s Online Privacy Protection Act (COPPA), parents gained control over what information websites were allowed to collect from their children. Conversely, because children have been deemed to be unable to consent to data collection, their parents must provide this consent in their place.

Children’s Online Privacy Protection Act of 1998 (COPPA)

The Children’s Online Privacy Protection Act of 1998 (COPPA) describes the requirements regarding online collection of personal information about children under 13 years of age (including children outside of the U.S., if the company is U.S.-based) by persons or entities under U.S. jurisdiction.


In the world of data privacy, consent can be issued in one of two forms: implicit or explicit. With implicit consent, the user is made aware that data collection has occurred; by continuing to use these services, they implicitly consent to continued collection. With explicit consent, the user has actively clicked, acknowledged, or otherwise indicated their consent to data collection.


Cookies are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies may be used to remember information submitted by the user, such as name and address, passwords and other data.

Credit Bureaus

Credit Bureaus research the credit history and behaviors of borrowers. They collect credit-related data (such as credit use and repayment history) and non-credit data (such as employment history) from financial institutions, banks, credit card companies, and even utilities and phone companies. They use this data to create credit reports and credit scores. Major credit bureaus in the United States include Equifax, Experian and TransUnion.

Credit Freeze

Also called a security freeze, a credit freeze limits access to your credit report. This can make it more difficult for identity thieves to open new accounts using your name. Under federal law, credit freezes are now free.

Credit Report

A credit report contains personally identifiable information (PII) along with the consumer’s credit activity, loan paying history and status of any credit accounts. Most people have more than one credit report. In addition to the “big three” credit agencies (Equifax, Experian and TransUnion) there are nearly 40 agencies that report on banking, medical, insurance and other records. In addition to being used by lenders to determine creditworthiness, credit reports may be used by insurance companies, utilities and landlords.

Cross-Border Data Transfer 

This type of transfer occurs when data moves from one country (and jurisdiction) to the next. To account for privacy law differences between nations, these transfers carry their own regulations. For example, when the European Union (EU) passed the General Data Protection Regulation, it codified several rules that non-EU organizations must observe when receiving EU members’ data.


Cyberbullying is bullying that takes place over digital devices such as cell phones, computers, and tablets. Cyberbullying can occur via SMS, text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying may include sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else to cause embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.


Data Broker

These organizations build their businesses by buying and selling individuals’ personal data to outside organizations, thereby turning a profit. Consumer privacy watchdogs argue that these transactions often occur without any oversight or accountability. This is because data brokers are neither incentivized to protect your personal information nor ethically obligated with respect to whom they sell it. 

Denial of Service (DoS)

A Denial of Service (DoS) attack involves hackers attempting to prevent legitimate users from accessing a website or online service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses, thus tying up the network’s resources. The primary goal of a DoS attack is not to steal information but to slow or take down a website. The attackers’ motivations are diverse, ranging from simple fun to financial gain and ideology (hacktivism).

Dumpster Diving

Dumpster Diving involves searching through trash or garbage looking for information that can be used to access a computer network or steal someone’s identity.


Electronic Funds Transfer Act (EFTA)

The Electronic Funds Transfer Act (EFTA), also known as Regulation E, was implemented in 1979 to protect consumers when they use electronic means to manage their finances. This includes the use of ATMs, debit cards, direct deposits, point of sale transactions, transfers initiated by phones and pre-authorized withdrawals from checking or savings accounts. 

The EFTA provides protections such as allowing consumers to have errors corrected within a 45-day period with limited financial penalties. EFTA outlines requirements for banking institutions and consumers to follow in correcting errors. It also requires banks to provide certain information to consumers and defines how consumers can limit liability in the case of a lost or stolen card.


Emoji are small digital images or icons used to express an idea or emotion, typically used in text messages. You can see many popular emojis and their meanings at Emojipedia.org.


Encryption is a method of encoding data so that only those with access to a secret key or password can read it. Encryption protects data confidentiality as it is stored on computer systems and transmitted over the internet or other computer networks.

Equal Credit Opportunity Act (ECOA)

The Equal Credit Opportunity Act (ECOA) prohibits discrimination in any aspect of a credit transaction based on race or color, religion, national origin, sex, marital status, age or because you receive public assistance.

EXIF (Data Exchangeable Image File) Format

EXIF (Data Exchangeable Image File) Format is a standard means of tagging image files with metadata or additional information about the image. Such metadata may include the exposure time (shutter speed), f-number (aperture), ISO setting, flash (on/off), and the date and time.  Many smartphones and some newer digital cameras also include GPS information, which is used for “geotagging” photos with the location where the photo was taken. EXIF is supported by both the TIFF and JPEG image formats, and is commonly found in JPEG images captured with digital cameras.



A firewall allows or blocks traffic into and out of a private network or computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company’s public server from its internal network, and to keep internal network segments (e.g., accounting records) secure.

Fileless Malware

Fileless malware is among the most sophisticated types of malware attacks. It does not require its victims to download a file; instead, it uses legitimate processes and resources already on your system, such as memory, to nest itself and attack. No files means there is no footprint, which is what allows these attacks to sneak past traditional security systems like antivirus software.


Flaming is hostile online communication that involves insulting messages, or flames, between users. Flaming may occur in internet forums, chat rooms, social networks and games.



A geotag is metadata that contains geographic information. For example, photo geotags may include latitude, longitude, altitude, compass bearing and other attributes. Smartphones and many cameras automatically geotag photos, or tags may be added manually.


Geofencing uses GPS, RFID, Wi-Fi or cellular data to trigger a pre-programmed action when a mobile device or RFID tag enters or exits a virtual boundary set up around a geographical location, known as a geofence. For example, an app may display a coupon when a customer enters within a certain range of a retail location.

Grandparent Scam

In the Grandparent Scam, the scammer contacts the victim posing as a relative or someone claiming to represent the relative (such as a lawyer or law enforcement agent). The fake “relative” claims she is in trouble and needs the grandparent to send funds that will be used for bail money, lawyer’s fees, hospital bills or another fictitious expense.


Grooming is a preparatory process in which a predator gradually gains a person’s trust with the intent to be sexually abusive. The victim is usually a child, teen, or vulnerable adult.


Hard Inquiry

A Hard Inquiry to your credit history is triggered when you apply for credit, such as a mortgage, credit card, auto loan, student loan or personal loan. If you are only looking for pre-qualification to decide whether to apply, or when you check your own credit, it is considered a soft inquiry. A hard inquiry may affect your credit score for a period of time (e.g., less than a year).

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.


A honeypot is a decoy computer system that serves as a target to lure cyber attackers. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet.



Impersonation callers claim to be with the IRS, using fake names and bogus IRS badge numbers. They may know a lot about the target, and they may alter the caller ID to make it look like the call is coming from the IRS. Victims are told they owe money to the IRS and it must be paid promptly through a gift card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. Alternatively, victims may be told they have a refund due, in an attempt to trick them into sharing private information.

Imposter Scam

An Imposter Scam involves a scammer pretending to be someone you trust in order to get money or personal information from you. They may claim to be from the government or a trusted company or even claim to be someone you know.

Internet of Things (IoT)

Internet of Things (IoT) refers to the network of devices that feature an IP address for internet connectivity, allowing them to communicate with each other and other Internet-connected devices. The IoT may include security systems and cameras, thermostats, cars, appliances, lights, vending machines and more.

ISP (Internet Service Provider)

An ISP (Internet Service Provider) is a company that provides its customers with access to the Internet and that may also provide other Internet-related services (such as e-mail accounts).

IP Address

An IP address is the “digital address” that allows a device to connect with other devices on the Internet. It is a numeric address that is assigned to every single computer, printer, switch, router or any other device that is connected to the Internet.



Have you ever felt like there was someone out there tracking your every move? With keylogging, this is 100% possible. A pernicious spyware capable of recording every keystroke you make, this cybercrime allows attackers to take your passwords, bank account information and more. The good news is that keyloggers function like any other malware, so make sure you do not open any suspicious attachments.



A LAN (Local Area Network) is a network of connected devices that may be found in homes, businesses or educational institutions. A LAN may be wired, wireless, or a combination of the two.


Medical Identity Theft

Medical identity theft is when someone uses another person’s personal information (such as their name, Social Security number, or Medicare number), to obtain healthcare or submit fraudulent claims to Medicare and other health insurers. Medical identity theft is not just a matter of dollars and cents. Fraudulent use of health insurance can result in false medical history and endanger the health of the person whose identity was stolen.


Metadata is “data about data.”  Metadata for a document may include such elements as file size, date created, author name, etc. that help to identify and locate data. You might think of it like a library card catalog for data files.

Mobile malware

Mobile malware is malicious software that specifically targets the operating systems on mobile devices.

Money Laundering

Money Laundering involves disguising the proceeds from illegal activities so they can be used without detection of the criminal activity that produced them. Through a series of transactions, often involving persons who are unaware of the source of the money, the criminal transforms the illegally obtained money into funds with an apparently legal source.


Nigerian 419 Scams

Nigerian 419 Scams start with a letter or email offering the victim the “opportunity” to share in millions of dollars that the scammer—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. It is called a 419 fraud in reference to section 419 of the Nigerian criminal code.


Opt-in & Opt-out

Opt-in and opt-out are express permissions given by a customer, or a recipient of mail, email, or other direct messages, to allow a marketer to send (opt-in), or to stop sending (opt-out), merchandise, information, or more messages. Opt-in or opt-out policies may apply to issues from email subscriptions to overdraft protection to class action lawsuits to organ donation.



A packet is a small amount of data sent over a network such as the Internet. As with a physical package, each packet includes a source and destination as well as the data being transferred. When the packets reach their destination, they are reassembled into a single file or other contiguous block of data. While the exact structure of a packet may vary, a typical packet includes two sections: a header and a payload.


Ever wonder how the good guys determine whether their defenses can keep the bad guys out? One key method is via pen-testing. Short for “penetration testing,” this method simulates a cyberattack against your system to check for vulnerabilities. Pen-testing is a lot like playing chess against yourself: if you cannot defend against attacks you can anticipate, how can you defend against your opponent?


Phishing attempts to trick an email recipient into believing that the email is from a trusted sender — a request from their bank, a notice from an online vendor, or a memo from someone in their company — and to click a link or download an attachment. When they do so, they may be asked to enter confidential information (such as logins and passwords) or they may download malware to their computer.

Ponzi Scheme

A Ponzi Scheme pays existing investors with funds collected from new investors. Ponzi scheme scammers often promise to invest victims’ money and generate high returns with little or no risk. But in many Ponzi schemes, the fraudsters instead use the money to pay those who invested earlier and may keep some for themselves. Ponzi schemes require a constant flow of money from new investments to survive. When it becomes hard to recruit new investors, or when large numbers of existing investors cash out, these schemes tend to collapse. Ponzi schemes are named after Charles Ponzi, who duped investors in the 1920s with a postage stamp speculation scheme.


Pretexting involves getting the target to disclose personal information, such as their Social Security number (SSN), telephone records, bank or credit card numbers, or any other information, under false pretenses. The scammer may make it appear they already have some of your personal information or they may pretend to be someone they are not.


Pseudonymity is the near-anonymous state in which a user has a consistent identifier that is not their real name: a pseudonym. In pseudonymous systems, real identities are only available to site administrators.

Publicly Available Information

This information is best understood as what is generally available to the public. Lawful examples include: information obtained from government records, information made available by users or information released by an authorized discloser. The distinction between public and personal is crucial as data privacy regulations treat publicly available information differently than they do personal information. 


Radio Frequency Identification (RFID)

Radio Frequency Identification (RFID) refers to a wireless system of tags and readers. The reader is a device that has one or more antennas that emit radio waves and receive signals back from the RFID tag. Tags use radio waves to communicate their identity and other information to nearby readers.

Revolving Credit Accounts

Revolving Credit Accounts allow you to borrow against and pay off a credit line repeatedly without having to apply for a new loan. Examples of revolving credit accounts include credit cards, personal lines of credit and home equity lines of credit (HELOCs).



Scareware is malware that creates fear in a user that causes them to install useless or malicious software. It may begin with a pop-up ad indicating that the user’s computer is infected with a virus or otherwise at risk. If the user falls for the scam, they may download fake anti-virus software, malware or ransomware.

Script Kiddies

Script Kiddies is a derogatory term for unskilled hackers, often juveniles, who use scripts or programs developed by others to attack computer systems. It is generally assumed that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.

Shoulder Surfing

Shoulder Surfing involves looking over a person’s shoulder to gather personal information (such as credit card numbers, user names and passwords) while the victim is unaware. This is especially effective in crowded places where a person uses a computer, smartphone or ATM.

Skimmer Devices

A skimmer is a card reader that can be hidden to look like part of an ATM. The skimmer collects card numbers and PIN codes, which are then replicated into counterfeit cards.


Smishing is similar to phishing but is when someone tries to trick you into giving them your private information or downloading malware via a text or SMS message.


Packet sniffing captures data as it is transmitted over a network. It may be used by system administrators to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames.

Social Engineering

Social Engineering involves manipulating people so they give up confidential information, such as passwords or bank information, or allow access so the bad guys can install malicious software. Social engineering takes advantage of the fact that the weakest link in any security system is the human operator.

Synthetic identity theft

Synthetic identity theft involves creating a fraudulent identity from a combination of real and fictitious information. For example, a criminal may use a real Social Security number along with a fake date of birth and other data to create the identity of a person who does not actually exist.


Text Bombing

Text bombing is the practice of rendering a person’s phone unusable by way of mass texting hundreds or thousands of the same message, often slowing down or crashing their device. The contents of the text bomb don’t always matter but can include anything from a prank message to gibberish to encouraging suicide. Text bombing campaigns can end in an hour, or last for weeks.

Two-factor Authentication (2FA)

Two-factor Authentication (2FA) requires a user to have two out of three types of credentials before being able to log in to an account, adding an extra layer of security. The three types are: something you know (such as a PIN or password); something you have (such as an ATM card, phone, or fob) and something you are (such as a fingerprint or voice print).


Virtual Private Network (VPN)

A Virtual Private Network (VPN) connects you to the internet via a server run by a VPN provider. All of the data traveling between your device and this VPN server is securely encrypted. As a result, VPNs: make your internet activity private, allow you to evade censorship, enable you to access services blocked to your physical location and protect you against hackers when using public WiFi.



Warez is a term that refers to pirated software distributed over the Internet.

Wire Fraud

Wire Fraud is similar to regular fraud, except that it takes place over phone lines or involves electronic communications. The legal definition of wire fraud has four elements:

  • The defendant created or participated in a scheme to defraud another out of money or property;
  • The defendant did so with intent to defraud;
  • It was reasonably foreseeable that the defendant would use wire communications; and
  • The defendant did in fact use interstate wire communications, which could mean telephone calls, faxes, internet communications, or even television transmissions.



A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and fixes it; this is called a zero-day attack.