Some common online security terms
A
adware
Programs that allow targeted advertising to be displayed on a customer’s computer. Some companies misuse adware by failing to obtain the customer’s consent to the advertising or to the tracking of the customer’s internet activity.
anti-virus software
Anti-virus software is designed to detect incoming viruses (typically via email) and prevent them from infecting the PC. New viruses can spread very quickly, so you should ensure that your anti-virus software is always running and is updated on a regular basis.
B
botnet
Botnet (or botnet army) is a jargon term for a collection of software robots, or “bots,” which run autonomously. The word is generally used to refer to a collection of compromised computers (called zombie computers) running malicious programs such as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet’s originator (aka “bot herder”) can control the group remotely, usually for criminal purposes.
browser
Short for Web browser, it is a software application used to locate and display Web pages. The most popular browsers are Mozilla® Firefox, Microsoft® Internet Explorer, Google Chrome, Apple Safari and Opera.
C
cookies
Cookies are small files stored on a computer’s hard drive. Cookies are generally harmless and are used to recognize a user so that they can receive a more consistent experience at a website. Cookies can contain information about your preferences that allows customization of a site for your use.
cross-site scripting (XSS)
The execution of script from one site in the context of a Web page from another site. This was not considered to be a problem in the basic design of the Web, but XSS has often come to be used for security attacks.
D
digital certificates
A digital certificate is an electronic means of establishing your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify the certificate holder.
dumpster diving
Thieves rummage through trash looking for bills or other paper that includes your personal information.
E
email security
Sending email is not a secure means of communication. External email is delivered in a series of hops across multiple routers and servers on the Internet. Never include customer information (account numbers, social security numbers, personal identification numbers, etc.) in an unsecured email transmission.
encryption
Encryption converts your data into an encoded form before it’s sent over the Internet, stopping unauthorized users from reading the information. We use 128-bit SSL Encryption, which is accepted as the industry standard level. You know that your session is in a secure encrypted environment when you see https:// in the web address, and when you see the locked padlock symbol at the bottom right corner of your browser window.
enhanced security login
Provides security at login, no matter what computer you sign in from, using additional end-user authentication that helps to protect against online fraud.
F
firewall
Software or hardware designed to prevent unauthorized access to or from a private network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
H
hacker
A person who either breaks into systems for which they have no authorization or intentionally oversteps their bounds on systems to which they do have legitimate access. More generally, any unauthorized individual who attempts to penetrate information systems; to browse, steal, or modify data; to deny access or service to others; or to cause damage or harm in some other way.
I
identity theft
The act of stealing personal information about you, such as your Social Security Number, date of birth, credit card numbers, etc. and using that information to impersonate you. The identity thief will generally obtain credit using your name and other identifiers. This is one of the fastest growing types of consumer fraud. The Federal Trade Commission (FTC) has estimated that, during 2003, almost ten million Americans discovered they were the victims of identity theft, with a total cost to businesses and consumers of over $50 billion.
intranet
A network belonging to an organization, usually a corporation, accessible only by the organization’s members, employees or others with authorization. An intranet Website looks and acts just like any other Website, but the firewall surrounding an intranet fends off unauthorized access.
intrusion detection
A security service that monitors and analyzes system events in order to provide real-time or near real-time warnings of attempts to access system resources in an unauthorized manner. This is the detection of break-ins or break-in attempts by reviewing logs or other information available on a network.
K
keystroke capturing/logging
Anything you type on a computer can be captured and stored. Such covert activity can be via a hardware device attached to the PC or by software running almost invisibly on the machine. The risk of encountering such keystroke logging is greater on PCs shared by a number of users, such as those in Internet cafes or libraries. Running anti-spyware software should reveal the presence of any such software on your PC.
M
malware
Also known as “malicious software,” malware is designed to harm, attack or take unauthorized control over a computer system. See Virus, Trojan and Worm.
O
opt-in
Permission granted to a business or organization to use your email address for promotional or marketing purposes, or to rent your email address to another organization.
opt-out
The opposite of Opt-In. Not granting permission for a business or organization to use your email address for promotional or marketing purposes, or to rent your email address to another organization.
P
patch
A new software release created to update a computer software program. Updates may include security, performance, or usability enhancements.
pharming
Refers to the redirection of an individual to an illegitimate website through technical means. For example, an Internet banking customer who routinely logs in to his or her online banking website may be redirected to an illegitimate site instead of reaching the bank’s website.
phishing
Phishing, as in fishing for confidential information, is a scam that encompasses fraudulently obtaining and using an individual’s personal or financial information. In a typical case, the consumer receives an email appearing to originate from a financial institution, government agency or other entity that requests personal or financial information. The email often indicates that the consumer should provide immediate attention to the situation described by clicking on a link. The provided link appears to be the website of the financial institution, government agency or other entity. However, in phishing scams, the link is not to an official website, but rather to a phony site. Once inside that website, the consumer may be asked to provide a Social Security number, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer’s mother or the consumer’s place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person’s identity.
pop-up ads
A form of web advertising that appears as a “pop-up” window on a computer screen. Pop-up ads are intended to increase web traffic or capture email addresses. However, some pop-up ads are designed with malicious intent, for example when they appear as a request for personal information from a financial institution.
privacy policy
A standard policy included on most corporate websites that explains how personal information collected about visitors to a company’s site is handled.
pretext calling
A means of gaining access to customers’ confidential account information, used by organizations and individuals who call themselves account information brokers. There is a tremendous demand for information about individual and business bank accounts. In recent years, this rising demand for account information has led to an increase in the number of organizations known as account information brokers. These brokers gather confidential financial information, including specific account numbers and balances, from various public and nonpublic sources. The brokers then sell this information to anyone who is willing to pay for it. Their clients include lawyers, debt collection services, and private investigators, who may use account information in civil lawsuits and other court proceedings, or identity thieves, who may use account information to engage in check and credit card fraud and other criminal acts.
R
rootkit
A rootkit is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Techniques used to accomplish this can include concealing running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Mac OS X, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.
S
script injection
A technique whereby an attacker causes a JavaScript routine to be executed on a site outside of the site’s intended design. Usually such scripts are entered into form fields or URLs in ways that cause security flaws in the page to execute the script.
secure sockets layer (SSL)
A protocol that provides a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps to ensure that sensitive information (credit card numbers, account balances and other proprietary financial and personal data) sent over the Internet between your browser and a web server remains confidential during online transactions.
service pack
A software program that updates, fixes and/or enhances a software program found on your computer, typically delivered in the form of a single, installable package.
skimming
When an unauthorized second copy of a credit or debit card is made by an employee at a store using a storage device that copies the details held within the card’s magnetic stripe.
smishing
SMS (short message service) phishing. A victim might receive a phone text message saying that he or she will be charged if a fictitious order at a particular website isn’t canceled. In a panic, the victim then visits the site to cancel the order, but in the process the victim will end up with malicious software on his or her machine.
SMS
The Short Message Service (SMS), often called text messaging, is a means of sending short messages to and from mobile phones. Most SMS messages are mobile-to-mobile text messages, though the standard supports other types of broadcast messaging as well. The term SMS is frequently used in a non-technical sense to refer to the text messages themselves, particularly in non-English-speaking European countries.
social engineering
Hackers may use “social engineering,” a scheme using social techniques to obtain technical information required to access a system. A hacker may claim to be someone authorized to access the system such as an employee or a certain vendor or contractor. The hacker may then attempt to get a real employee to reveal user names or passwords, or even set up new computer accounts.
spam
Unwanted emails offering products and services of dubious benefit are often called spam. Various types of anti-spam software are available, but the first line of defense may be your own Internet Service Provider (ISP), many of whom offer spam filtering services.
spear phishing
Refers to a highly targeted, coordinated attack aimed at specific organizations. The latest attack targeted 50 financial institutions. Attacks originate from a Trojan download that looks for an unpatched Windows vulnerability and leaves a dangerous keylogger on the user’s system.
spoofing
Impersonating another person or computer, usually by providing a false email name, URL or IP address.
spyware
The term spyware refers to technologies that collect information about a user without his or her knowledge and report that information to a third party. Certain forms of spyware can intercept sensitive and confidential information about an organization or user, including passwords, credit card numbers and other identifying data.
T
trojan horse
Any legitimate-appearing software that carries an unwanted destructive payload. Typically the payload is a virus that is used by hackers to gain unauthorized access to computer systems.
V
virus
A computer program designed to replicate itself by copying itself into other programs stored in a computer. It may be benign but usually has a negative impact, such as slowing or corrupting a computer’s memory and files. Viruses are now mainly spread by emails and by file sharing services. New viruses are discovered on a daily basis.
virus definition file
This is a file used by anti-virus software to identify specific viruses, worms and Trojan horses. For this reason you should regularly download the latest version from your software supplier.
vishing
Voice phishing. The attack is initiated with an email message that asks the victim to call an actual phone number to verify or change account information. A voice-response system then collects personal information.
W
worm
A malicious program that replicates itself until it fills all of the storage space on a drive or network. Worms may use up computer time, space, and speed when replicating, with a malicious intent to slow or bring down entire web servers and disrupt Internet use.