Often times when a hacker obtains access to your account, they will study your account habits, account functionality, and your entitlements in an attempt to formulize a strategy to steal your money without being found out.
Advanced Fee Fraud
Any scam that, during its course, requires advanced fees to be paid by the victim; usually these fees are posed as processing fees, bribes, finder’s fees, etc.
Protective software designed to defend your computer against malicious software. and other code that vandalizes or steals your computer contents. In order to be an effective defense, your antivirus software needs to run in the background at all times, and should be kept updated so it recognizes new versions of malicious software.
A means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes, but an attacker may exploit or use a back door to get unauthorized access to information or install spyware.
A jargon term for a collection of software robots, or bots, which run autonomously and automatically. Put simply, a Botnet is a large collection of infected computers that can be controlled remotely by criminals to aid in conducting illegal activities online. Botnets range in size from a couple hundred computers to billions of computers, and can be used for many attacks including DDOS attacks, spreading spam and malware, Click-Fraud attacks, TDOS attacks, and other malicious activities. Common botnet references include Zues, Torpig, and Conficker.
These scams take many forms, such as work from home schemes, inheritance, lottery, secret shopper, and Internet auction overpayment scams. The common threat is that an unsuspecting victim deposits a check or money order into their bank account then wires a portion of the money to a criminal. By the time the check is confirmed as counterfeit the money has already been wired and picked up by the criminal, leaving the account holder liable for the funds they wired.
Click fraud is an Internet crime where a hacker uses malware that creates illegitimate traffic to a website through pay-per-click links that generate revenue for the hacker.
Corporate Account Takeover
When cyber-thieves obtain access to a corporate or business bank account using stolen credentials. These credentials are usually the result of a successful phishing attack, or installing malware onto the business user's computer. Once they have control of the account, thieves will initiate fraudulent ACH and wire transactions to send money to their own bank accounts, which are usually overseas. These transactions are usually facilitated by one or more Money Mule accounts.
Cross-Site Scripting (XSS)
Denial of Service (DOS), Distributed Denial of Service (DDoS) Attacks
An attack against a web service aimed at making a particular web-site, resource, or network unavailable to customers, employees, or the public. DOS and DDoS attacks are caused when a large botnet is instructed to go to a target website all at the same time, which causes all resources for that website to be used up, crashing that web sites servers and taking it offline.
Drive-By Download Attack
An attack that installs malware on a user's computer without their knowledge when they visit a malicious website.
A way to make data unreadable to everyone except the recipient of a message. Encryption is often used to make the transmission of credit card numbers secure for those who are shopping on the Internet.
A firewall is hardware or software that enforces security on your computer or system. It's like a locked door, preventing dangerous material from getting into the room.
An act that occurs when someone uses your account to make unauthorized purchases. This happens after your card, card number, online credentials or other account details have been stolen
Fraud committed by someone who knows the victim personally, often times by family or friends. This type of fraud is often difficult to detect because the fraudster knows the victim well enough to mimic what could be their real behavior. This type of fraud is often unreported because the victims refuse to involve authorities.
Identity theft (ID theft)
A criminal activity where a thief steals vital information such as your name, birth date, Social Security number, or credit card number to open credit cards, mortgages and other accounts without your knowledge.
The act of hacking or modifying a mobile phone's operating system to allow for unofficial 3rd party or custom programs to be installed onto the device. Jailbreaking is most common for Apple's iOS, the operating system found on iPhone, iPad, and iPod devices. Jailbreaking, although legal, will void your warranty with the manufacturer, and may present security threats to the information on your phone or mobile device.
Keystroke logger (Keylogger)
Hardware device or software program that records each key being struck on a keyboard. Marketed as a way for parents to monitor their children's activities on a computer, keystroke loggers are often downloaded unwittingly by users who click on malicious links in emails, or on websites. Keyloggers operate in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. The keystroke logger then records the keystrokes and periodically uploads the information over the Internet. See also Spyware, Trojan horse.
Malicious software designed to covertly infiltrate or damage a computer system. This includes viruses, worms, Trojans and spyware. Malware may be distributed through a variety of means. A few examples are email attachments, links in email or on social networking sites, and downloads from file sharing sites.
Man-in-the-Browser Attacks (MITB)
An advanced attack that allow a perpetrator to intercept browser activity, often times through use of a proxy, to capture information, modify cookies, and intercept banking sessions without the user's knowledge of their presence.
Man-in-the-Middle Attacks (MITM)
An attack where the perpetrator inserts themselves in between a user and a recipient in order to intercept and modify messages and transactions without either the sender or recipient's knowledge of their presence.
An account that transfers money from one country to another. Money mule's are often used in Corporate Account Takeovers as the intermediary account where stolen money is transferred to before being sent overseas. Money Mule account owners are usually victims to online scams advertising jobs such as "payment processing agents," "money transfer agents," "local processors," and other similar titles. Mules usually have no idea the money they are being transferred in and out of their account is stolen, or that their account is being used criminally.
New Account Fraud
Type of identity fraud where a fraudster uses a victims identity to open a fraudulent new account.
Out of Band Authentication
A method of verifying a user's identity through a channel other than the webpage they are currently on such as e-mail, phone call, or text message.
A software update meant to fix problems with a computer program. This can range from fixing bugs, to replacing graphics, to improving the usability or performance of a previous version.
Pharming attacks happen when a hacker is able to redirect users to a bogus website, even if they typed the web address correctly. This is usually possible after a user has unknowingly downloaded malicious code to their PC.
An online identity theft scam. Typically, criminals send emails that look like they're from legitimate sources, but are not. The fake messages generally include a link to phony, or spoofed, websites, where victims are asked to provide sensitive personal information. The information goes to criminals, rather than the legitimate business. See also Spoofing.
Pop-up ads (pop-ups)
Unsolicited advertising that appears as a "pop-up" window on a computer screen. Sometimes these can be created to look like a financial institution's request for personal information.
The act of collecting personal information about a potential victim by a fraudster, often under the guise of the user themselves. An example of pretexting would be a criminal calling a bank posing as the customer in order to obtain information about that user's account.
The policy under which a company operating a website handles personal information collected about visitors to the site.
Secure Socket Layer (SSL)
SSL technology secretly encodes information that is sent over the Internet, helping to ensure that the information remains confidential.
Once the server session is established, the user and the server are in a secured environment. Data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.
A software program that corrects known bugs or problems, or adds new features to a software program already installed on your computer.
Captures the track data from the magnetic stripe on a credit card, Debit Card or ATM card via a device that is illegally added to the ATM card-swiper. A criminal installs a "card skimmer” on an ATM over the existing slot to insert your card. They then capture your cards information wirelessly as it passes through the skimmer. Often times the crooks will also set up a small wireless camera nearby to capture your PIN number.
SMS text Phishing. A text message that appears to be sent from a legitimate source, such as a bank or credit card company, the goal of which is to gain personal details. The message will typically be an urgent appeal to call a phone number or follow a link in the message. The phone number or website will then ask for sensitive account or personal information.
Social engineering is the manipulation of people to divulge sensitive information to computer hackers. Typically social engineering occurs when a criminal calls employees of a business and pretends to be someone they are not, such as a member of IT or manager, and tries to get the employee to give them information such as passwords, usernames, email addresses, account numbers, or any other sensitive information a hacker might be interested in.
Unsolicited "junk" email sent to large numbers of people to promote products or services.
A targeted phishing attempt specifically aimed at a particular victim or group of victims.
An online identity theft scam. Typically, criminals send emails that look like they're from legitimate sources, but are not (phishing). The fake messages generally include a link to phony, or spoofed, websites, where victims are asked to provide sensitive personal information. The information goes to criminals, rather than the legitimate business. See also Phishing.
Spoofing can also reference hackers who change or spoof their credentials, such as IP address, email, or MAC address, to look like it belongs to a legitimate person. Another popular form of spoofing is falsifying caller ID information so that when a cyber-thief calls the banks, it appears to be from the real account holder.
A program that is loaded onto your computer without your knowledge. These programs gather information from your computer activities and send it to an unknown source. These programs are especially dangerous when capturing financial information that can be used to commit fraud.
A TDOS attack happens when hackers unleash an assault of thousands of calls to a user with the intention of distracting them while they are gaining unauthorized access to the user's account, or preventing a financial institution from being able to contact the user to report suspicious activity.
Trojan horse (Trojan)
An apparently legitimate software a user downloads that may contain hidden malicious code allowing a hacker access to that user’s computer. Trojans take many forms and can have many different intentions such as installing keyloggers, opening backdoors, and stealing information. See also Spyware.
Although often used as an umbrella term for any malicious file or malware introduced to a computer by a hacker, a virus is a actually a file that is able to copy itself to other computers and keeps making copies of itself in order to use of system resources and bring the system to a halt.
Voice Over Internet Protocol Phishing - A phone call that appears to be coming from a legitimate source, such as a bank or credit card company, the goal of which is to gain personal details. The caller id on the victim's phone will show a legitimate business name and number, while a criminal is really on the other end of the line. The criminal will pose as a representative of the company and ask the victim to confirm account details and other sensitive information.
Voice Over Internet Protocol is a way to make and receive phone calls using a broadband internet connection instead of a traditional phone line.
The act of searching for unprotected wireless networks, often in a moving vehicle. Once criminals find open networks, they will connect to them in order to steal information from that network, or to perpetrate fraudulent activity from that network in order to mask their true identity.
Phishing attacks aimed specifically at senior executives and other high-profile business targets.
Typically, a malicious program that reproduces itself over a network and uses up computer resources or shuts down the system. A worm is different that a Virus because it does not require user interaction in order to infect and spread itself.
A term referring to a specific type of botnet.