Security GlossaryBelow is a list of common terms you may need to know to help keep your finances and identity protected.
Anti-Virus – A security program that can run on a computer or mobile device and protects you by identifying, stopping, removing and/or preventing the spread of various malware on your system. Anti-virus software cannot detect all malware, so even if it is active, be cautious of opening files, clicking links, or visiting websites of questionable origin. Sometimes anti-virus tools are called 'anti-malware', because these products are designed to defend against various types of malicious software.
Authentication – The process of identifying an individual, typically by means of a username and password combination and authorizing access to secured data.
Bot – A compromised computer system used by malicious attackers to send spam and perform attacks across the internet. These machines typically belong to users that have no idea that their computer is infected nor the activities that the machine performs from their internet connection. Also known as zombies.
Drive-by Download - These attacks exploit vulnerabilities in your browser or it's plugins and helper applications when you simply surf to an attacker-controlled website. Some computer attackers set up their own evil websites that are designed to automatically attack and exploit anyone that visits the website. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack.
Exploit - Code that is designed to take advantage of a vulnerability in software. An exploit is designed to give an attacker the ability to execute additional malicious programs on and/or remotely control the compromised system or to provide unauthorized access to affected data or application.
Firewall - A security program that filters inbound and outbound network traffic. It is the gatekeeper between your computer and the internet and determines which traffic can pass through. Almost all computers and wireless routers today come with firewall software.
Keylogger - (See: Spyware)
Malware - Stands for 'malicious software'. Malware is a generic term and includes any type of virus, worm, trojan or other types of malicious code. It is any type of code or program cyber attackers use to perform malicious actions like infecting your computer with a virus or installing a keylogger in an attempt to get usernames and passwords.
A note on malware: Malware can vary by type based on their capabilities and means of propagation. These technical distinctions between different types of malware are becoming less relevant, because modern malware often combines characteristics from each of them in a single attack.
Patch - A patch is an update to a vulnerable program or system. A common practice to keep your computer and mobile devices secure is installing the latest vendor's patches in a timely fashion. Some vendors release patches on a monthly or quarterly basis. Therefore, having a computer that is unpatched for even a few weeks could leave it vulnerable.
Phishing - Phishing is a social engineering technique where cyber attackers attempt to fool you into divulging your personal information (name, ssn, account numbers, answers to security questions...etc) in response to an e-mail.
(see FAQs for more detail on Phishing)
Social Engineering - A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.
Spam - Unwanted or unsolicited emails, typically sent to numerous recipients with the hope of enticing people to read the embedded advertisements, click on a link or open an attachment. Spam is often used to convince recipients to purchase illegal or questionable products and services, such as pharmaceuticals from fake companies. Spam is also often used to distribute malware to potential victims.
Spear Phishing - Spear phishing describes a type of phishing attack that targets specific victims. But instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization or who patronize the same business. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling the victims.
Spyware - A type of malware that is designed to spy on the victim's activities, capturing sensitive data such as the person's passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim's keyboard activity and transmitting the captured information to the remote attacker.
Trojan - Short for "Trojan Horse" (check your Greek Mythology) , this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could have malicious code that can infect your computer once you install it.
Virus - A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, spread through human interaction, such as opening an infected file or application.)
Vulnerability - This is a weakness that attackers or their malicious programs may be able to exploit. For example it can be a bug in a computer program or a misconfigured webserver. An attacker or malware may be able to take advantage of the vulnerability to gain unauthorized access to the affected system. However, vulnerabilities can also be a weakness in people or organizational processes.
Worm - A type of malware that replicates itself without requiring any human interaction for it to spread. Worms often spread across networks, though can also infect systems through other means, such as USB keys.