Glossary of Internet Fraud and Scam Terminology

Remember, NO large company will ask you for personal information over the internet or phone.

When in doubt, hang up and call that company directly, or call/email/text Aenigma.

As the internet expands, so do the ways criminals find to abuse it. The best way to protect yourself and your business is to be diligent about how, where, and when you share information. Cybersecurity has become a huge issue. No matter how good your technological defenses are, it is usually a person, not a machine, that gives up access to a system.

We’ve assembled a list of terminology used to describe internet scams and fraud online. Familiarize yourself with these types of scams to keep yourself, your family, and your business safe.

Account Takeover – When a hacker or criminal has logged in to a victim’s account and changed the email address or PIN, leaving the original user no way to access the account.

Baiting – A type of scam that prompts the user to click on something like “You have just won! Click here to claim your prize”.

Bot – A web robot, or computer program, that takes over a machine (real or virtual) when it gains access. Bots are a type of malware, or software used for malicious intent.

Botnet – A series of devices connected via the internet, each running one or more bots, like an army of malicious programs. Botnets can be very powerful, bringing down large-scale systems by attacking all at once. They are often used in DDoS (Distributed Denial of Service) attacks on servers or on systems connected to the Internet of Things.

Brute-force attack – A hacking method to find passwords or encryption keys by trying every possible combination of characters until the correct one is found.

Catfishing – The act of creating a fake account with someone else’s pictures and details and then using that account to lure victims. Though sometimes innocently used to meet people, Catfishers are often looking to extort something, be it data, images, or money.

Clickjacking – When a link is presented as one website, but the final destination is a different web address. Ex: It says “Unsubscribe” in the email but clicking the link sends your email address to another company for spamming.

DoS or DDoS – Denial of Service or Distributed Denial of Service. An attack where an attacker floods a website or service with more requests than it can handle, until it shuts down. A Distributed Denial of Service attack comes from multiple machines or a botnet.

Drive-by download – The downloading of a virus or malware onto your computer or mobile device when you visit a compromised website — it happens without your clicking on anything at the site.

Email Spoofing – When an email appears to be from a person you know but is actually from a criminal. This scam works well on handheld devices because their email programs frequently display only the sender’s name and not their email address, and an email’s display name is easily changed. If an email seems suspect, check the return address.
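The check the entry recommends, as an added example that is not part of the original glossary: it separates the display name from the actual sender address and flags mail whose name imitates a known contact while the address does not match. The contact list and the three sample messages are constructed for illustration.

```python
"""Added example: compare an email's display name with its real address."""
import email
from email.utils import parseaddr

# Hypothetical address book: real address -> how the contact is displayed.
KNOWN_CONTACTS = {"jane.doe@example.com": "Jane Doe"}

# Constructed sample messages: one genuine, two spoofed in different ways.
SAMPLES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: lunch\n\nsee you at noon",
    "From: Jane Doe <jane.doe@mail-example.net>\nSubject: urgent invoice\n\npay now",
    'From: "jane.doe@example.com" <attacker@bad.example>\nSubject: hi\n\nclick here',
]


def check_sender(raw_message: str) -> tuple[str, str, str]:
    """Return (display_name, address, verdict) for a raw RFC 822 message.

    verdict is "ok" when the address itself is a known contact, "suspect"
    when only the display name looks familiar (or looks like an address),
    and "unknown" otherwise.
    """
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr in KNOWN_CONTACTS:
        verdict = "ok"
    elif name in KNOWN_CONTACTS.values() or "@" in name:
        # The part a phone shows (the name) imitates a contact, but the
        # part it hides (the address) belongs to someone else.
        verdict = "suspect"
    else:
        verdict = "unknown"
    return name, addr, verdict


if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```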

Grooming – When a criminal uses data that they have on unsuspecting victims to gain their trust online. The data often comes from social media or public links that users are unaware of. Ex. finding friends’ names, events attended, or personal information to open a conversation.

Ghosting – Theft of the identity of a deceased person to fraudulently open credit accounts, obtain loans, or get utility or medical services in the person’s name.

Hacker – A computer-savvy person who knows how to break into systems or bypass the rules of computer programs. The term is typically used to refer to criminals but is divided into three categories: Black Hats, who are malicious; Grey Hats, who are neither good nor bad but hack because they can; and White Hats, who look for breaches to help fix them.

Hash busters – The random words or sentences contained in spam emails that allow these emails to bypass your spam filters.

Keylogger – A clandestine program that logs sequential strokes on your keyboard and sends them to hackers, so they can figure out your log-in credentials.

Malvertising – Malicious online advertising that contains malware — software intended to damage or disable computers.

Malware – Software installed on a computer that has malicious intent. Depending on the design, malware can turn on cameras/microphones, steal data, corrupt data, or connect to other computers on a system.

Man-in-the-Middle Attack – The interception of data between a user and the intended recipient. Frequently used on public WiFi, a Man-in-the-Middle attacker can intercept data between a user and the WiFi network they are connecting to without the user even knowing.

Pharming – When a hacker is able to redirect a real web address to a fake one. This complicated scam is done by changing the files on the website host. The user types the address in properly but ends up on a duplicate site hosted by the criminal. This is extremely rare.

Phishing – A fake login screen that is a duplicate of a legitimate one. Criminals use the entered username and password to gain access to the real site. The user commonly reaches the phishing site through an email that prompts them to log in via a link.

Pretexting – A method of social engineering where the criminal lies about their role or intent to get additional information on someone. Ex. “I’m calling to confirm a reservation, but I seem to have lost the dates; can you please let me know what they are?”

Ransomware – A type of malware that locks a computer or device and then demands a paid ransom to unlock it.

Scareware – A series of warning messages that pop up on a computer and make it appear as though the user has a virus or has downloaded malware. Ironically, it is the act of clicking on the scareware or calling the 1-800 number it shows that gives the criminal access.

Social Engineering – Using human interaction and/or information to gain access to a system. Very effective when used in conjunction with any other scam, such as phishing or grooming. Examples are anywhere you fool someone into thinking you know more than you do, or that you are someone you are not, to get them to give up extra information.

Smishing – Phishing attempts that go to your mobile devices via text message, telling you to call a toll-free number. Named for SMS (short message service) technology.

Skimming – The capture of information from the magnetic stripe on credit and debit cards by “skimmer” devices that are secretly installed on card-reading systems at gas pumps, ATMs, and store checkout counters.

Spear Phishing – A targeted phishing attempt at a specific user or company. Spear phishing is the leading cause of cybersecurity breaches with human involvement.

Spoofing – Any situation in which a scammer masquerades as a specific person, business, or agency, but typically meaning the manipulation of your telephone’s caller ID to display a false name or number.

Spyware – A type of malware that is designed to spy on the data or keystrokes from a machine or device.

Typosquatting – When a criminal sets up a website that is similar to a legitimate site and has a slightly different web address, in the hope of catching people who make mistakes in spelling the website name. Ex. a site set up to trap people who misspell Amazon.
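One defensive check for the pattern this entry describes, as an added example that is not from the original glossary: it measures how many single-character edits separate a hostname from each domain on a trusted list and flags near misses, while leaving exact matches and genuine subdomains alone. The trusted domain list is a hypothetical one constructed for the example.

```python
"""Added example: flag hostnames that closely imitate a trusted domain."""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


# Hypothetical list of domains the reader legitimately uses.
TRUSTED = ["example.com", "mybank.example"]


def lookalike_of(hostname: str, trusted=TRUSTED, max_dist: int = 2):
    """Return the trusted domain that hostname imitates, or None.

    An exact match or a real subdomain (login.example.com) is not a
    lookalike; anything within max_dist edits of a trusted domain is.
    """
    host = hostname.lower().rstrip(".")
    for good in trusted:
        if host == good or host.endswith("." + good):
            return None
    best = None
    for good in trusted:
        d = edit_distance(host, good)
        if 0 < d <= max_dist and (best is None or d < best[1]):
            best = (good, d)
    return best[0] if best else None


if __name__ == "__main__":
    # Constructed sample hostnames: a digit swap, a transposition, a
    # genuine subdomain and an unrelated site.
    for h in ["examp1e.com", "exmaple.com", "login.example.com", "other.org"]:
        print(h, "->", lookalike_of(h))
```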

Troll – A person whose intent is to cause trouble or make people angry online. Not usually out to scam but can use some scamming techniques. All of the major networks provide easy ways to report trolls on their systems.

Vishing – Short for “voice phishing,” the use of recorded phone messages intended to trick you into revealing sensitive information for identity theft.

Whaling – A phishing attempt on a “big fish” target (typically corporate executives or payroll departments) by a scammer who poses as its CEO, a company attorney, or a vendor to get payments or sensitive information.
