What does it mean?
Understanding some of the terminology is important to understanding how to beat the scammers.
Account Takeover
Gaining control of someone else’s online account, often through compromised credentials.
Advance-Fee Fraud
A type of scam where scammers promise large sums of money in exchange for upfront fees (e.g., the Nigerian Prince Letter).
Anonymity Tools
Techniques like VPNs to hide the scammers’ locations.
Authentication
The process of verifying the identity of a user to ensure they are authorized for access.
Authorization
The act of granting permission to access specific resources or perform actions (e.g., logging in to an account).
Bank Account Fraud
Scammers creating fake checks or unauthorized transactions to drain victims’ accounts.
Biometric Authentication
Using physical characteristics like fingerprints, facial recognition, or voiceprints for verification.
Blackmail Extortion
Threatening victims with releasing personal information unless they pay a ransom, which is then used for further fraud.
Bogus Lottery Wins
Scammers offer victims fake prizes or money in exchange for personal details, which are then used fraudulently.
Burner Phones
Prepaid phones discarded after use to prevent tracking.
Business Email Compromise (BEC)
Impersonating emails from trusted business partners to trick employees into revealing sensitive company information or making unauthorized transactions.
Carding
Scammers use stolen credit card information for unauthorized purchases or selling data on the black market.
Chatbot
A computer program designed to simulate conversation with human users, especially over the internet.
Cloud Computing
The delivery of computing services over the internet, including storage, databases, networking, software, and more.
Credential Stuffing
Scammers use stolen usernames and passwords from one breach to access other accounts, often exploiting the fact that many users reuse passwords.
Cybersecurity
The practice of protecting systems, networks, and programs from digital attacks.
DNS Spoofing
Altering the domain name system to redirect traffic to a scam site, intercepting transactions or information.
Data Breach
An incident where sensitive, protected, or confidential data is accessed or disclosed without authorization.
Data Encryption
The process of converting data into a code to prevent unauthorized access.
Data Privacy
The protection of personal data from unauthorized access, use, or disclosure.
Data Security
The practice of protecting digital data from unauthorized access, corruption, or theft.
Deception
Intentionally misleading someone to gain their trust or exploit them.
Digital Footprint
The trail of data left behind by a person’s online activity.
Digital Identity
The data that uniquely describes a person and can be used to identify them online.
Digital Signature
An electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
Domain Name Spoofing
Registering domains similar to legitimate businesses to phish for information or sell fake products.
Email Fraudulency
Sending mass emails with fraudulent content aiming to steal personal or financial information.
Email Spoofing
Sending fake emails to mimic official communications, tricking victims into revealing sensitive information or making unintended purchases.
End-to-End Encryption
A method of secure communication that prevents third parties from accessing data while it’s transferred from one end system or device to another.
Endpoint Security
The practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors.
Fake Document Scams
Creating fake documents like diplomas or certificates to defraud people out of money or credentials.
Fake Online Shops
Scammers set up fake websites to sell counterfeit goods or steal payment details.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Forged Documents
Creating fake official documents for financial fraud.
Fraud
The use of deceitful methods to obtain something of value illegally.
Fraudulent Payment Requests
Scammers asking victims to send money for fake goods, services, or lotteries.
Griefing
Manipulating individuals into providing information quickly by causing emotional distress.
Identity Theft
The unauthorized use of another person’s personal information for fraudulent purposes.
Impersonation Scams
Pretending to be someone the victim knows, like a friend, family member, or government official, to manipulate them into giving up money or details.
Incident Response
The process of responding to and managing a security incident or data breach.
Information Security
The practice of protecting information by mitigating information risks.
Internet of Things (IoT)
The network of physical devices, vehicles, home appliances, and other items embedded with sensors, software, and network connectivity that enables them to connect and exchange data.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
Man-in-the-Browser (MitB) Attacks
Injecting malicious code into a web browser to view and manipulate victims’ browsing activity, stealing information.
Man-in-the-Middle Attacks (MitM)
Scammers intercept communications between two parties to steal financial information.
Money Mule Scheme
Using victims to transfer stolen funds, often through bogus bank accounts.
Multi-Factor Authentication (MFA)
Similar to 2FA, MFA requires more than one form of verification, such as a password, biometric data, or a one-time code from a hardware token.
Open Source Software
Software with source code that anyone can inspect, modify, and enhance.
Overpayment Scams
Tricking sellers into accepting payment for goods but refusing to pay the remaining amount unless scammed into thinking they’re in trouble with a legitimate company.
Password Policy
Rules governing the use and security of passwords, such as complexity requirements or password age limits.
Password Recovery Scams
Scammers impersonate legitimate companies to ask for account verification under the guise of resetting a password.
Pharming
Manipulating a victim’s browser settings to redirect them to a fake site, tricking them into entering personal information.
Phishing
A fraudulent email designed to trick individuals into revealing personal information.
Phishing for Credentials
Fraudulent emails or websites designed to trick users into revealing their login information.
Phony Domain Registrations
Registering domains similar to legitimate businesses for use in scams, either for phishing or selling fake products.
Phony Tech Support
Scammers call victims pretending to offer tech support, tricking them into revealing personal info or selling unnecessary software.
Private Proxies
Using intermediaries to avoid direct detection.
Ransomware
Malware that blocks access to data until a ransom is paid.
Return Fraud
Scammers tricking e-commerce sites into issuing refunds by creating fake returns and using those funds for their own gain.
Romance Scam
A social engineering tactic where scammers build emotional connections to manipulate victims.
Scam
A fraudulent scheme designed to trick individuals into giving up money, information, or both.
Session Management
Techniques used to track and control user access within a system, ensuring secure and reliable authentication over time.
Single Sign-On (SSO)
A system allowing users to log in once to access multiple services, reducing the need for multiple passwords but increasing vulnerability if credentials are compromised.
Smishing
Similar to phishing but uses SMS messages instead of email to trick victims into revealing personal information.
Social Engineering
Manipulating individuals into divulging personal or financial information through psychological tactics.
Social Media Scams
A broad category including scams where scammers use fake profiles or pages to manipulate individuals into sharing information or buying products.
Spear Phishing
A targeted form of phishing where scammers send personalized emails pretending to be from someone the victim knows, making it harder to detect.
Spoofing
Creating fake emails, messages, or documents to deceive individuals.
Tax Scam
Fraudulent schemes promising tax-related benefits or rebates to steal money or personal information.
Token-Based Authentication
A method where a unique token is generated and used to prove the legitimacy of a user session.
Trickery
The use of deceptive tactics to achieve a fraudulent goal.
Two-Factor Authentication (2FA)
A security measure requiring two forms of verification before granting access, such as a password and a unique code sent to a mobile phone.
Unpatched Vulnerabilities
Scammers exploit known security issues in software that haven’t been patched, allowing them access to systems.
Unverified Payment Requests
Scammers asking victims to send money for fake goods, services, or lotteries.
Vendor Fraud
Scammers pretending to be legitimate businesses to defraud suppliers or customers.
Weak Passwords
Simple, easy-to-guess passwords like ‘password123’ that provide little to no security.
Web Application Security
The practice of securing web applications from security threats.
Wire Transfer Fraud
Fraud involving the unauthorized transfer of money using wire transfer methods.
Zero-Day Exploits
Security vulnerabilities that are exploited before the software vendor is aware of them, leaving systems vulnerable to attack.
Zero-Trust Security
A security model where no entity, whether inside or outside the network, is trusted by default, requiring verification for every access request.
Zombie Scams
Scams where victims are repeatedly targeted with fraudulent messages or requests for personal information.
Zoom-Bombing
Unauthorized individuals disrupting Zoom meetings by sharing inappropriate content or taking over the screen.