This is a list of terms used by Cyber Security professionals. My intention is to explain these terms in language that can be easily understood by people without any extensive technical training.

You can also look in our Glossary of Cyber Security Abbreviations.

This is a list of terms used by Cyber Security professionals. My intention is to explain these terms in language that can be easily understood by people without any extensive technical training.

This page will be regularly updated as we find more terms to explain. If you have a particular term you don’t understand, or you believe the explanation below is incomplete/wrong, please send me a message via the contact form.


Ad Fraud – This is concerned with theory and practice of fraudulently representing online advertisement impressions, clicks, conversion or data events in order to generate revenue. While ad fraud is more generally associated with banner ads, video ads and in-app ads. See also Click Fraud.

Adaptive security – This is a type of security mode that monitors threats continuously and improves as threats change and evolve. With traditional security methods, organizations use firewalls, intrusion defense systems (IDS), antivirus software, and intrusion prevention systems (IPS). In truth, while they are a powerful defense, they are no longer enough. Environments are no longer static, and security systems should be integrated within continuous deployment IT.

Advanced Persistent Threat – This is a cyber attack that is long-term, highly targeted, and continuous. An APT attack is organized and has a central objective. Many advanced persistent threats are sponsored, usually by governments or rival competitors, and are aimed at stealing vital information from their targets. The objective of an APT attack could range from surveillance and stealing trade secrets to taking control of a network and completely disabling it.

Advanced Threat Protection – (ATP), is a type of security solution specifically designed to defend a network or system from sophisticated hacking or malware attacks that target sensitive data. ATP is usually available as a software or managed security service. Advanced Threat Protection solutions differ in terms of approach and components, but most include endpoint agents, email gateways, network devices, malware protection systems, and a centralized management console in order to manage defenses and correlate alerts.

Adware – This is not typically malware, but falls into a category of ‘Greyware’ and is typically unwanted software on your computer. This software will deliver adverts to your device (affects phones as well as PC’s) that often go full screen stopping you from using the application you are trying to use. They are often delivered though legitimate applications (see bloatware) as well as apps that masquerade as something you might want. Adware can also be malicious delivering malicious adverts that lure you into sites containing malware. It is often hard to get rid of these applications (see Bloatware/Greyware below).

Air-Gapped System – this is a system/PC that is physically isolated from other systems. These systems will typically be disconnected from internal networks and often will be standalone systems or operating within a network that is physically disconnected from the main network of a company. Such systems are often used by security professionals to investigate malware to remove any chance of infecting other company systems.

Amazon Prime Scam – Victims receive an automated call telling them that someone has signed up for an Amazon Prime subscription on their account. They’re then told to press 1 on their phone keypad to cancel, at which point they’re transferred to the scammer, who collects their credit card details.

Anti-Virus Software – This is a software package you install on your device that protects you (within some limitations) against malware installing itself on your device. There are various vendors of this software, and they are all as good as each other in detecting malware. See also ‘Internet Security Software’.

Auction Fraud – This is where someone is selling something on an online auction site, such as eBay, that appears to be something it really isn’t. For example, someone may claim to be selling tickets for an upcoming concert that really are not official tickets.

Authorised Push Payment (APP) fraud – This is where criminals persuade victims to make a payment into their account by posing as a real organisation, or promising products that are never delivered.


Baiting – In the context of social engineering, this is an attack that uses physical media and relies on the curiosity, or greed, of the victim to lure them in to clicking on a link to a malicious website. This is likened to the concept of a ‘Trojan Horse’, but using electronic media. An example would be that you have an interest in motorcycles, so you receive an invite to a motorcycle event. The website you visit will then implant malware into your device.

Back Door – This is often something malware will install on a computer system that allows the attacker to gain privileged access to the computer system. These can also exist in systems due to programming mistakes (vulnerabilities, exploits), or by design so that the vendor, or the security services, can access to the system without often requesting access.

Backup – This a copy of your important data that is kept away from, and preferably on a separate device that is not connected to, the device that contains the original (or cloud storage). Preferably the device you backup to should not online and stored either in a separate location and/or in some form of fire safe (budget versions exist for consumers). See also our blog post of Backing up your data.

Black Hat Hacker – See also the definition of ‘Hacker’ and ‘White Hat Hacker’ below. This is typically a hacker where the intent is to utilise computer vulnerabilities to cause harm, or exercise some form of crime (e.g. extortion).

Bloatware – This is typically software that is installed at the same time as a wanted application. For example, you install Adobe PDF reader, and the Chrome web browser installed by default unless you untick a checkbox during installation. This is often used as a mechanism to monetise free software, where the owner of the software hitching a ride pays the vendor to also carry this software. This mechanism can also be used to deliver malware, so you have to be cautions when installing software you download from untrusted websites sites. You will also often find bloatware installed on low priced PC’s and other devices (e.g. phones) as an attempt to deliver you a cheap product. Bloatware, same as greyware, is often difficult to remove, and in the case of Android based devices almost impossible unless you ‘root’ the device.

Blue Team – This is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. They will typically engage in:

  • Defensive Security
  • Infrastructure Protection
  • Damage Control
  • Incidence Response
  • Operational Security
  • Threat hunting and assessment
  • Digital Forensics.

See also Red Team, who typically test the effectiveness of the blue team by emulating the behaviors of a real black-hat hack group, to make the attack as realistic as chaotic as possible to challenge both teams equally.

Bluetooth – This is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves in the industrial, scientific and medical radio bands, from 2.400 to 2.485 GHz, and building personal area networks (PANs). It was originally conceived as a wireless alternative to RS-232 data cables.

Bluetooth Attacks – Bluetooth technologies (see above) can be compromised, among others, using the following methods:

  • Blue Bugging
  • Blue Jacking
  • Blue Snarling
  • Btle Jacking.

An explanation of these terms can be found on an info-graphic provided by @SecurityGuill. These attack vectors often exploit other vulnerabilities in the target device and in the implementation of the Bluetooth technology on the device.

Bot Net – This is a network of computers (sometimes nothing more than a very small embedded IOT device) that is infected with a form of malware that is used to initial Distributed Denial of Service attacks. The owners of the individual devices forming the Bot net often have no idea they are infected. Internet of Things (IOT) devices that are unprotected by some form of authentication are among the most vulnerable.

Browser Fingerprinting – As browsers become increasingly entwined with the operating system, many unique details and preferences can be exposed through your browser. The sum total of these outputs can be used to render a unique “fingerprint” for tracking and identification purposes. Your browser fingerprint can reflect:

  • the User agent header
  • the Accept header
  • the Connection header
  • the Encoding header
  • the Language header
  • the list of plugins
  • the platform
  • the cookies preferences (allowed or not)
  • the Do Not Track preferences (yes, no or not communicated)
  • the timezone
  • the screen resolution and its color depth
  • the use of local storage
  • the use of session storage
  • a picture rendered with the HTML Canvas element
  • a picture rendered with WebGL
  • the presence of AdBlock
  • the list of fonts.

Brute Force Attack – This is where a cyber attacker is trying to gain access to a computer system, but does not know the precise credentials to use. Therefore the attacker will try all combinations of credentials (e.g. user name/password combinations) to eventually come up with the right combination. The longer and more complex passwords are, the longer it takes for an attacker to come up with the right combination. This is typically automated.

Business Email Compromise Attack – This is a form of cyber crime (abbreviated to BEC) which uses email fraud to attack commercial, Government and non-profit organizations to achieve a specific outcome which negatively impacts the targets organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Often consumer privacy breaches occur as a results of a BEC attack.

Business Management Controller – (BMC) This is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without having to access the operating system or applications running on it. In other words, BMC is an out-of-band management system that allows admins to remotely reboot a device, analyze logs, install an operating system, and update the firmware—making it one of the most privileged components in enterprise technology today.


Card Skimmer – These are devices that enable thieves to withdraw information from the magnetic strip of your credit/debit card when its casually used at an ATM or store.

Catfish Scam – This is where a person creates a fake online profile with the intention of deceiving someone. For example, a woman could create a fake profile on an online dating website, create a relationship with one or more people and then create a fake scenario that asks others for money. Another example is someone who creates a fake Facebook account that resembles a friend so that they can view a certain person’s private information.

CEO Fraud – This is when an employee authorized to make payments is tricked into paying a fake invoice or making an unauthorized transfer out of a business account. Typically this starts as an email from a senior official who requests an urgent payment is made. See also BEC/Business Email Compromise Attack.

Certificate – When used in the context of authentication, this is a form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information. Sometimes also called a Digital Certificate.

Certificate Authority – In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You can see this Wikipedia page for more details.

Chain Mail Scam – Sometimes called Chain Letter or Chain Email, is an unsolicited e-mail containing false information for the purpose of scaring, intimidating, or deceiving the recipient. Its purpose is to coerce the recipient to forward the e-mail to other unwilling recipients, thereby propagating the malicious or spurious message. They can often prey on the sympathy of an individual’s sympathy about a sick or dying relative, or a common myth or scare is sent out and because it seems significant or frightening, the recipient feels inclined to let all their friends know. This is also a method of spreading fake news.

Cipher – This is a mathematical algorithm that is used to encrypt data. There are many different ciphers that are used in various parts of the security landscape.

Click Fraud – This is the practice of clicking on paid ads with the sole intention of depleting or diverting the budget of the advertiser. It could be a disgruntled competitor who knows how much you pay per click and wants to hit you where it hurts (in the wallet), or it could be a shady network of criminals running multiple websites designed to channel those advertising dollars into their own accounts. This is often automated using bots.

Click Injection – This is a sophisticated form of click spamming. By publishing an app which listens to “install broadcasts,” it’s possible to detect when other apps are downloaded on a device. This enables fraudsters to trigger clicks before the install is complete. Without preventative tools in place, this means the fraudster will receive credit for the install.

Clickjacking – This is is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. This is also classified as a User Interface Redress Attack, UI Redress Attack or UI Redressing.

Click Spam – This type of fraud happens when a fraudster executes a click for users who are none-the-wiser (in fact, it is unlikely that the user is even exposed to the ad). Click Spam is also known as organics poaching. See also Mobile Ad Fraud.

Cloud – This is typically referencing a set of software defined services that exist in a remote data centre. Such services are:

  • Software as a service – where an application is hosted remotely (e.g. Office 365, Databases). This can also be a platform that can be configured/customised to deliver a service of your own design
  • Platform as a Service – where the hosting provider provides a means to host your on servers in a virtual environment, which can come in managed and unmanaged forms.
  • Storage as a Service – where the hosting provider provides storage for files remotely (e.g. One Drive, Google Drive) – see also Cloud Storage.

Cloud Storage – This is a service offered by a service provided (e.g. Google, Microsoft, Amazon Web Services) that allows you to store a limited amount of files on their service as a form of backup or to allow you to access the files from multiple locations and devices. It is effectively your disk drive in the cloud. These services come in various capacities, an often come with a free allocation in the order of 5Gb. Any additional storage you add will be subject to a monthly subscription charge.

Cold Call Scam – This is where, for example, someone claiming to be from technical support from a computer company like Dell, saying they have received information that your computer is infected with a virus, or hacked. They offer to remotely connect to your computer and fix the problem. This typically involves some form of urgency and can be applied to different scenarios.

Computer software service Fraud – The fraudster will ask for remote access to the victim’s computer to fix a virus or other issue, then they search the device for the victim’s financial details. In this scam the victim is targeted via phone, email or pop-up ad.

Cookie – (often also called web cookie, Internet cookie or browser cookie) This is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers. There are various types of Cookie currently in use:

  • Session Cookie (normally only valid while the browser is running and lost when the browser closes)
  • Persistent Cookie (stored to disk and can be retrieved in a future browser session)
  • Secure Cookie (transmitted only over secure connections)
  • Third Party Cookie (a cookie that is sourced from a different domain that the source of the website being browsed)
  • Zombie Cookie ( a cookie that is automatically recreated after being deleted).

Cookie Stuffing – This is a technique where a website or browser extension adds extra information to a user’s cookie. The technique is often used in affiliate marketing to hijack traffic from its legitimate source. As a result of visiting a website, a user receives a third-party cookie from a website unrelated to that visited by the user, usually without the user being aware of it. If the user later visits the target website and completes a qualifying transaction (such as making a purchase), the cookie stuffer is paid a commission by the target. Because the stuffer has not actually encouraged the user to visit the target, this technique is considered illegitimate by many affiliate schemes.

Courier Fraud – This is when a fraudster contacts victims by telephone purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. The caller may also offer a telephone number for the victim to telephone or ask the victim to call the number on the back of their bank card to check that they are genuine. In these circumstances, either the number offered will not be genuine or, where a genuine number is suggested, the fraudster will stay on the line and pass the victim to a different individual.

Credential Stuffing – This is where a cyber attacker will attempt to gain access to a computer system (e.g. your favourite shopping website) using information often gained in data breaches. The attacker will typically try previously disclosed credentials en-mass to try to gain access. This is also typically automated, resulting in thousands of credentials being tried in a very short time. See also my blogs on Effective use of Passwords and Bot Based Credential Stuffing.

Crowdfunding scams – See Donation Scam.

Cyber War Games – This allows executives and employees to practice their response to simulated crises caused by hacks or malware. Typically a team within an organisation will think like attackers and imagine doomsday scenarios that could cripple the organisation and its ability to function.  Scenarios are fictitious, but realistic, and based on the latest threat intelligence about what “bad actors” are up to. War games are an opportunity to be proactive and simulate high-pressure situations, so that an organisation is not caught off guard in the middle of a crisis.

Cryptocurrency – This is a form of electronic currency that uses cryptography for security. Typically a cryptocurrency is a decentralised commodity that is managed using the Block Chain technology, which is a distributed ledger of all transactions in the cryptocurrency. Most banks will now accept payments in cryptocurrencies. Cryptocurrency if often used to pay ransoms resulting from Ransomware attacks and other illegal activities on the dark web. However dealing in cryptocurrency is totally legal in most countries. Cryptocurrencies you may have heard about are:

  • Bitcoin (the first and most known one)
  • Etherium
  • Monero
  • Ripple.

Cryptojacking – This is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of cryptocurrencies. It can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers. Like most other malicious attacks, the motive is profit, but unlike many threats it’s designed to stay completely hidden from the user and often uses tactics to detect when the system is idle (i.e. not actively in use) so as to mask its activity.

Cyber Attack – This is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of a computer system. There are various forms of Cyber Attack, and the following list is just examples

  • Brute Force Attack/Dictionary Attack
  • Business Email Promise Attack
  • Click Jacking
  • Cookie Stuffing
  • Credential Stuffing
  • Cryptojacking
  • Data Breaches
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • DLL Hijacking
  • Elevation of Privilege
  • Keystroke Logging
  • Ransomware
  • Social Engineering
  • SpearPhone
  • Tracking.

Modern cyber attacks often don’t just rely on one attack vector. They will often chain various vulnerabilities and attack vectors to achieve its goal.

Cyber Attack Vector – This is loosely the method by which a cyber criminal uses to attack their victim. Social Engineering is such an example of a Cyber Attack Vector, but there are many others that a hacker can use to exploit vulnerabilities in the computer system they are attacking.

Cyber-Enabled Financial Fraud – This is often refered to an Business Email Compromise (BEC) and is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly preform payments, including cross border payments. These scams have evolved to also target Personal Identifiable Information (PII) for employees of clients. These scams can also target individuals (e.g. real-estate purchasers, the elderly) by convincing them to make payments to bank accounts controlled by criminals.

See also Fraud and Business Email Compromise Attack and Social Engineering.


Data Breach – This is where a cyber attacker has gained access to a cache of information (typically an unsecured database of some form) and extracts private information. This could typically be user names, passwords, postal addresses, credit card numbers, medical records among many others. The purpose of data breaches is to gain access to private information so that it can be exploited in other cyber attacks, for example social engineering, credential stuffing.

Debt Collection Scam – Scammers can call people threatening them and telling them about a debt they owe telling them that f they don’t pay immediatelly they will be prosecuted or suffer bailiffs to recover the debt. In most cases this is a non-existant debt.

Decryption – This is the opposite of Encryption (see below) where a recipient of an encrypted message can use the same algorithm used to encrypt it to decrypt it.

Decryption Key – This is an token that is known to one, or both parties in an encrypted exchange which is used in decrypting an encrypted message or device.

Deepfake – A combination of the terms “deep learning” and “fake” — are persuasive-looking but false video and audio files. Made using cutting-edge and relatively accessible AI technology, they purport to show a real person doing or saying something they did not. This is of particular concern when used to distribute fake news and/or disinformation especially in a political election. Examples here.

Denial of Service (DoS) – This is a form of cyber attack that attempts to take legitimate services (e.g. game sites, shopping sites) offline by flooding them with requests. The flood of requests is so great that the host systems cannot cope with the inbound traffic, and either slow to a halt or crash totally. Think of this as being in a crowded/noisy room and you are trying to hear someone talking to you where even if they are shouting you cannot hear them. This form of attack is often perpetrated by criminals out to either destroy, or at the very least disrupt a service.

DevOps – This is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

Dictionary Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses words and known substitution patterns to gain crack a password so as to gain access to a computer system. This is in contrast to a phrase attack.

Digital Forensics – This is a branch of forensic science ((sometimes known as digital forensic science) encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

Directory Traversal Vulnerability – This kind of bug can allow a malicious attacker to upload and plant files on a system in unexpected system locations. If the attacker can fine-tune the attack, he can control the places where the malicious files can end up. There are several locations on a Windows or Linux system where the uploaded files could be executed automatically, leading to a situation where the attacker could run malicious code and take over vulnerable servers entirely.

Distributed Denial of Service (DDoS) – This is an evolution of a Denial of Service attack where the source of the traffic flooding a website is coming from multiple sources. DDoS attacks can happen in two primary ways:

  • Where specially crafted data is sent to a sever that is is not set up to handle, and therefore crashes or goes into an endless processing loop
  • Flooding, where too much data/requests are sent to a server which slows it down so that it cannot process legitimate requests, or even crashes under the load.

DNS, or Domain Name Service – This is essentially a phone book for the internet. You will type in an address for a website (e.g. and the DNS service that is used by your computer translates that into a physical address (IP address similar to that can be used by your web browser to access the website. In accessing a web page your browser makes many (sometimes as many as a 100 or more) requests to access resources on the internet ranging from the actual content you want to see to structural entities you will never see as well as Ads, graphics, videos and download items. DNS queries are typically accessed over an un-encrypted protocol (UDP) that is open for anyone to see even if the website you are accessing is encrypted (https). There is a very good Wikipedia article describing what DNS is at a more technical level.

DNS over HTTPS (DoH) – This is a secure means to execute DNS queries instead of the insecure and un-encrypted protocol used today (UDP), DNS queries are encoded over HTTPS and are therefore encrypted.

DNS over TLS (DoT) – This is a protocol for encrypting and wrapping DNS queries and their replies in TLS (Transport Layer Security). This offers both privacy via TLS encryption and authentication via TLS support for the entire public key infrastructure. So this prevents eavesdropping and any manipulation of DNS data via man-in-the-middle attacks.

DNSSec – This provides cryptographically signed DNS records which allows a DNSsec-aware Operating System (e.g. Windows, MacOS, Android) to verify that the DNS response received has not been tampered with or altered in any way. Since the DNS reply is signed with a private key which no forger can have, this means that the received DNS reply is authentic. However, DNSSec on its own does NOT encrypt and anyone watching the traffic will see the DNS client’s queries and their replies just as if DNSSec was not in use. If you want to learn more about DNSSec in Windows then please look at this Microsoft blog on the subject (from Windows 7 onward, windows was DNSSec aware, but your actual DNS service might not be – take a look at this resource and test your setup).

Domain Spoofing – This is a common form of phishing and occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. This can be done by sending emails with false domain names which appear legitimate, or by setting up websites with slightly altered characters that read as correct. Commonly, a spoof website or email will use logos, or any other kind of accurate visual design to effectively imitate the styling and branding of a legitimate enterprise or business. Users will commonly be prompted to enter financial details or other sensitive data, trusting that they are being sent to the right place. Domain Spoofing Classifications are:

  • Email Spoofing
  • Website Spoofing.

It is recommend that users only access financial sites and other sensitive sites directly through a main page or other verified avenue in order to avoid being cheated by a spoof website.

Domain Typo Squatting – These are web addresses that have been deliberately miss-spelled and to look like the legitimate web address (see my blog on this subject).

There are various types of Domain Typo Sqatting:

  • Misconfigured or illegitimate typosquat domains are described as ones that have not been properly configured and show directory indexes or HTML error messages. Other types of sites that fall under this category are ones that promote content related to the domain name, but not necessarily for the benefit of the orgnanisation.
  • Non-malicious typosquat domains are ones that are designed hurt the brand of the company.
  • Redirects, which are unfortunately the most common. These sites will redirect the visitor to scam sites, unwanted and fake Chrome and Firefox browser extensions, fake program updates that install malware, or tech support scams.

Donation Scam – This is where, for example, a person claiming they have a child, or someone they know, with an illness and need financial assistance. Although many of these claims can be real, there are also an alarming number of people who create fake accounts on donation sites in the hope of scamming people out of money.

Download Attack – An unintentional download of malicious software (malware) onto a users device without their knowledgeable consent. This is often the result of a Malvertising attack.

Dynamic Link Library (DLL) – These are extensions of different applications. Any application we use may or may not use certain codes. Such codes are stored in different files and are invoked or loaded into RAM only when the related code is required. Thus, it saves an application file from becoming too big and to prevent resource hogging by the application.

Dynamic Link Library (DLL) Hijacking – This is where an original DLL file is replaced with a fake DLL file containing malicious code. Since DLLs are extensions and necessary to using almost all applications on your machines, they are present on the computer in different folders. There are priorities as to where the operating system looks for DLL files. First, it looks into the same folder as the application folder and then goes searching, based on the priorities set by environment variables of the operating system. Thus if a good.dll file is in SysWOW64 folder and someone places a bad.dll in a folder that has higher priority compared to SysWOW64 folder, the operating system will use the bad.dll file, as it has the same name as the DLL requested by the application. Once in RAM, it can execute the malicious code contained in the file and may compromise your computer or networks.


Elevation of Privilege – This results from giving an attacker authorization permissions beyond those initially granted by the user being attacked (e.g. a user may have low level privileges and the elevation gives administrator privileges). This is often achieved by exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. This is always the result of some form of cyber attack.

Email Spoofing – This is where an email header is spoofed so that the message seems to originate from someone or somewhere different from the actual source. Email spoofing is a scheme used in both phishing and spam campaigns because users don’t want to open an email if they don’t trust the legitimacy of the source. The purpose of email spoofing is to trick recipients into opening, or even corresponding with a solicitation.

Employment/Training Scams – This type of scam can come under many forms but has the same purpose as any other. Finding a Master degree for less than $199 is very unlikely to happen. People have paid for expensive courses, CV services or simply jobs that don’t exist. People most likely to be targeted by these kinds of scams are aged between 18-24.

Encryption – This is a mathematical/algorithmic method that obscures data’s true form by making it unreadable to anyone who does not know how it was encrypted. Encryption is used in https browser requests, and in securing communications and hardware from data extraction by hackers.

Encrypted DNS – There are various forms of encryption for DNS as follows (see appropriate definitions for details):

  • DNSCrypt
  • DNS over TLS (DoT)
  • DNS over HTTPS (DoH).

End Point – Any device that can connect to a network is termed as “endpoint” from desktops, laptops, tablets, smartphones and, more recently, IoT devices. Endpoints are now exposed to ransomware, phishing, malicious advertisements, software subversion, and other attacks. Not to mention that attackers use zero-day attacks that use previously unidentified vulnerabilities to send malicious programs to endpoint computers.

End Point Protection – This refers to a system for network security management that focuses on network endpoints, or individual devices such as workstations and mobile devices from which a network is accessed. The term also describes specific software packages that address endpoint security including suites of security software provided by many security companies (e.g. AVG, Symantec, McAfee, Kaspersky). Endpoint protection may also be called endpoint security.

Entropy (or Information entropy) is the average rate at which information is produced by a stochastic source of data. There is a very good WikiPedia page if you want to find out more, but this does get very mathematical. This is often used as a measure of how complex a password is when subject to a brute force attack.

Exploit – This refers to a vulnerability, or bug, in software or hardware that can be used by hackers to execute some form of cyber attack.

External Drive – This is a disk drive that typically resides outside of a computer and typically connects to a computer by a USB connection. They can contain both normal HDD/spinning disk drives as well as solid state drives (SSD). They also come in many sizes, can have a completely enclosed disk drive, or is=n some cases a removable disk drive. They are very useful for storing backups as well as extending the storage capacity of PC’s.


Fake prizes / Unexpected Winnings Scams – This is where you receive and email (IM or SMS) claiming that you won a prize, but you don’t remember participating in any contest. You are often required to submit your bank details or a credit/debit card to recover your prize which then results in identity theft or some other fraud.

Fake / Non-existing Goods Scam – This is where you visit a fake webshop and buy goods that are never delivered. Moreover, counterfeit goods sold online are increasing significantly and the majority of goods coming from China, even though the website states it is based in the UK, the US or another country heavily protected from counterfeits.

File-less Malware – This is a form of malware that exists purely in memory (RAM) and does not persist itself through dropping files to a file system or infecting existing files. This is a typical form of infection for routers and embedded systems that do not have a Read/Write filesystem. Normally a simple reboot of the infected system is enough wipe the malware, however this does not close the vulnerability as the malware can just re-infect its host using the same attack vector and vulnerabilities unless these are able to be patched.

Fleeceware – This is a form of fraud where you install an app that abuses the ability to offer trial periods to users before their accounts are charged. When a user signs up for an app trial period, they have to manually cancel the trial to avoid being charged. Most users just uninstall apps they don’t like and the majority of app developers take this as a sign that they wish to cancel the trial period without being charged. However some continue to charge the premium subscription charges.

Form Jacking Fraud – Also known as digital or web skimming, this scam is basically an evolution of ATM skimming. Criminals steal customers’ card details by adding their own code to a company’s website, which means they can see the card information as it’s being entered.

Fraud – In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law (i.e., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation), a criminal law (i.e., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver’s license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.

Free WiFi – This is a wireless network that is normally offered free in Coffee Shops, Hotels and in other public places. There are a number of dangers in using these facilities, but with taking the correct precautions they can be used in relative safety. See our blog post on Using Free and Public WiFi.

Full Backup – This is a backup of all the files that you need to keep as backups. This is typically slow to make, since you are copying a significant amount of data. However it does give you a snapshot in time so that you can recover your files (with additional incremental backups) to the most recent state. See also our blog post of Backing up your data.


Ghidra – This is a tool that was published by the National Security Agency in the US (NSA) that allows penetration testers to ‘de-compile’ applications and inspect the inner working of the apps. More info at

GeoFencing – Geo-fencing (geofencing) is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries. Geo-fencing allow an administrator to set up triggers so when a device enters (or exits) the boundaries defined by the administrator, an alert is issued. Many geo-fencing applications incorporate Google Earth, allowing administrators to define boundaries on top of a satellite view of a specific geographical area.  Other applications define boundaries by longitude and latitude or through user-created and Web-based maps.

Geofence virtual barriers can be active or passive. Active geofences require an end user to opt-in to location services and a mobile app to be open. Passive geofences are always on; they rely on Wi-Fi and cellular data instead of GPS or RFID and work in the background.  

GeoFencing also relates to the restrictions of broadcasted media to specific geological boundaries based on where you are accessing an internet service and where that service is located.

Greyware – This is a term that relates to potentially unwanted software that are not typically classified as malware, but potentially can affect your computer systems. This includes Adware and Spyware. It can also allude to software that is delivered as part f a downloaded package you install on your computer. This could be unwanted toolbars and utilities that seem to have a doubtful purpose, and not something you would necessarily want to keep. Getting rid of these applications is often difficult as they will often install multiple components across your system and you will need to know what is legitimate and what is unwanted. Often the only way to rid yourself of these applications is to do a clean install of the operating system.


Hacker – A computer hacker is any skilled computer expert that uses their skills to solve a problem. However, this term is often referred to as someone who has malicious intent and deploys malware (see also ‘White Hat Hacker’ and ‘Black Hat Hacker’ in this glossary).

Hacking Services Scams – It is possible to find on the Internet some services offering to hack other people’s data for you. Many scammers are promoting those not only illegal but also fictitious services. It is very likely that, by answering to such an offer, you will get defrauded of your money with nothing in return.

Honeypot – (1) This is a service that masquerades as a legitimate service, but can harbour malware (e.g. a fake WiFi network). (2) It can also be used to lure attackers to a decoy service (e.g. a server) thereby reducing the opportunity for a successful cyber attack. Multiple honeypots form a honeynet.

HTTP – This stands for “HyperText Transport Protocol.” and is the technology that allows for a website to be downloaded and rendered in your web browser.

HTTPS – This is the same as HTTP, but uses a secure protocol (SSL) to encrypt the information coming back from the website. Your web browser will decrypt this and allow the website to be displayed to you.

HTTP Request Smuggling – This is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.


Impersonation – In this content as part of social engineering, an attacker will impersonate someone in authority to trick you into divulging information. An example of an attack is a call from HR requesting information on yourself or another person.

Incremental Backup – This is a form of backup that only stores files that have changed since the last full/incremental backup. In this way, these backups are very quick to create and are often used for daily (or even hourly) backups. They are supported by full backups, that take a copy of the whole file store. See also our blog post of Backing up your data.

Insider Threat – This is an attack method where a trusted employee has access to confidential information, or high privilege access and abuses that privilege to disclose information or provide a hacker to access to privileged areas of the IT infrastructure. This is particularly an issue when an disgruntled employee leaves a company and is vulnerable to dosclosing priviledged information.

Intelligent Platform Management Interface – (IPMI) this is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. Another use case may be installing a custom operating system remotely. Without IPMI, installing a custom operating system may require an administrator to be physically present near the computer, insert a DVD or a USB flash drive containing the OS installer and complete the installation process using a monitor and a keyboard. Using IPMI, an administrator can mount an ISO image, simulate an installer DVD, and perform the installation remotely.

Internet of Things – This is a collection of devices that are not typically identified as computers. They can be anything from light bulbs connected to a home automation system, domestic appliances, sensors on industrial plant, as well as autonomous cars and the components that make up non-autonomous cars including Satellite Navigation, automated braking systems, etc. The danger from these devices is that they often do not require any form of authentication to operate and run on outdated embedded software that is not maintained by the vendor. This also extends to the services these devices use to provide their function, e.g. in the case of a door bell/door monitoring system there will be a subscription service that performs that monitoring and provides the owner of alerts when someone comes to the door. See my blog ‘Securing your Internet of Things‘ for more details.

Internet Service Provider – This is a communications company that provide access to the Internet. This is usually for a monthly fee /subscription and provides different data rates based on the monthly subscription (e.g. 20Mbps, 100Mbps, 1Gbps).

Insider Attack – This relates to someone who is an employee of a company with legitimate privileged access but uses it to execute a cyber attack, fraud or a data breach.

Internet Security Software – This is a class of software that packages up various defensive software’s that attempt to secure your device. This is distributed by various organisations, and can come pre-installed on your PC/Phone. Windows Defender on Windows 10 is a comprehensive set of defensive software’s that comes as the default protection on new PC’s. This includes software such as:

  • Anti-Virus software
  • Ransomware protection
  • Privacy Protection
  • Website and Email scanning for malware
  • Firewalls
  • Webcam Protection
  • Spam Protection
  • Detecting fake websites
  • Virtual Private Networks (VPN’s).

See also ‘End Point Protection.

Investment Scams – Investment scams atre where you are convinced to iunvest in some money making sceme that is not existant. These scams will generally involve small amounts of money at the beginning, but quite important ones as you get into it. Thanks to their very elaborate schemes, where they give false hopes to the consumer, they can take big amounts of money from their targets. They can do so by helping the consumers make some money (at the beginning) out of small bets and sums, which will convince them to invest more money in the scam. This is when things will go wrong, as the scammer will claim that your latest investment made a lot of profit, but that it is somehow impossible to withdraw it (therefore convincing you to pay even more to withdraw that money). Most of the time, scammers stop replying after they took the most they could from you.


JavaScript – This is a programming language largely used to provide extra functionality on webpages.


Kernel – This is a computer program that is the core of a computer’s operating system, with complete control over everything in the system. On most systems, it is one of the first programs loaded on power-up. It handles the rest of start-up as well as input/output requests from software, translating them into data-processing instructions for the CPU. It also handles memory and peripherals like keyboards, monitors, printers, and speakers. As a result of the sensitivity of the Kernel, this is often a prime target for hackers since this gives them total control over all operations within the computers OS.

Key Loggers – This is a form of malware that records all the keystrokes you make on your computer. Typically the attacker is looking for usernames and passwords to gain access to computer systems, but this can also be used to capture private information. Key loggers can be delivered by various means, including a social engineering attack.


Lateral Phishing – This is a Phishing Attack that is conducted from an email address within, rather than outside, the organization. See also Phishing and Business Email Compromise Attack for further information.

Loadable Kernel Module – (LKM) This is a file that contains code to extend the running kernel, or so-called base kernel, of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls. When the functionality provided by a LKM is no longer required, it can be unloaded in order to free memory and other resources. This is also a cyber attack vector, although often requires significant privilege escalation to gain access.

Logic Bomb – This is a piece of code intentionally inserted into a software system that will set off a malicious action when a specified condition is met. For example, date is Friday the 13th, if a user hasn’t logged in for a number of days. The effect of a logic bomb is to perform some action, e.g. deleting files, corrupt data, install malware.


MAC Address – A Media Access Control (MAC) address is a 48bit alphanumeric address that uniquely identifies the network card in your device. It us unique to your device and will never be re-used. It is used to establish a connection between your device and a network router (WiFi router, Bluetooth, etc.). This is typically represented in hexadecimal as a sequence of characters similar to F1:A2:CD:E4:5P:8K and is normally printed on your PC’s underside, on your WiFi router, can be found in the settings app of your device or other utility programs (e.g. ipconfig on a PC).

Malicious HotSpot – This typically appears as a free WiFi service, but in reality it is managed by a hacker with the purpose of performing some form of Cyber Attack (e.g. Man in the middle, privacy invasion). See our post on Online Privacy for more information on this.

MalSpam – This is short for malware spam or malicious spam, is spam email/messaging that delivers malware. While regular spam is simply any unsolicited email, malspam contains infected attachments, phishing messages, or malicious URLs. It can also deliver a myriad of malware types, including ransomware, Trojans, bots, info-stealers, cryptominers, spyware, and keyloggers.

Malvertising – This is where an advert shown on a webpage that looks legitimate, but harbours a malicious link to a website that will then attempt to initiate a cyber attack of some form (e.g. install malware).

Malware – This is typically a malicious program for which the purpose is to exploit some weakness in a computer system in order to gain access to it, or as the payload of a social engineering attack. There are various types of malware, the following being a set of examples:

  • Back doors
  • File-less
  • Key Loggers
  • Ransom Ware and Wipers
  • Root Kits
  • Trojan Horses
  • Viruses
  • Worms.

Malware as a Service – This is a service offered by Cyber Criminals, either on the surface web or dark web, to other Cyber Criminals who want to use Malware to further some objective, but either don’t have the skills or the time to develop the appropriate exploits and Malware. Subscribers will normally pay a fee or a share of the profits. Such services can provide:

  • Phishing Campaigns
  • Targeted Malware
  • Bot Nets
  • Ransomware
  • Lists of compromised credentials (e.g. email address, passwords) coming from data breaches
  • Crypto Mining
  • Data Exfiltration
  • Selling Zero Day vulnerabilities.

You can also read my blog on this subject here.

Mandate Fraud – This is when someone gets you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to, for example a subscription or membership organisation or your business supplier.

Man In The Middle Attack – This is where an attacker intercepts a legitimate network request (e.g. an http request from a web browser), and inserts malicious instructions into either the outbound request (in order to redirect to a malicious service or extract personal data), or inserts malicious code into the return implanting malware into the webpage or return data. This is more prevalent when using unencrypted http requests. As https requests are end to end encrypted, it is harder for an attacker to execute this type of request. A VPN can also defend against this type of request since all traffic going through a VPN is typically encrypted.

Mobile Ad Fraud – This is the attempt to defraud advertisers, publishers or supply partners by exploiting mobile advertising technology. The objective of fraudsters is to steal from advertising budgets. Mobile ad fraud can take a number of different forms, from faked impressions, click spam or faked installs. For example, fraudulent publishers seeking to benefit from false impressions may stuff adverts into a single pixel, or deliberately align an advert out of view to generate views or impressions that never took place. The types of Ad Fraud are as follows:

  • Click Spam
  • Click Injection
  • SDK Spoofing.

Money Muling – This is a type of money laundering. A money mule is a person who receives money from a third party in their bank account and transfers it to another one or takes it out in cash and gives it to someone else, obtaining a commission for it. Even if money mules are not directly involved in the crimes that generate the money (cybercrime, payment and on-line fraud, drugs, human trafficking, etc.), they are accomplices, as they launder the proceeds of such crimes. Simply put, money mules help criminal syndicates to remain anonymous while moving funds around the world.

Monster-in-the-Middle (MITM) Attack – The security and privacy of HTTPS encrypted communications in web browsers relies on trusted Certificate Authorities (CAs) to issue website certificates only to someone that controls the domain name or website. For example, you and I can’t obtain a trusted certificate for Facebook because these browsers have strict policies for all CAs trusted by the browser which only allow an authorized person to get a certificate for that domain. However, when a user installs the root certificate provided by their ISP, or some other malicious actor, they are choosing to trust a CA that doesn’t have to follow any rules and can issue a certificate for any website to anyone. This enables the interception and decryption of network communications between the browser and the website. This is also similar to a ‘Man in the Middle Attack’.

Munged Password – This is a method that attempts to create a stronger password by character substitution. Typical substitutions might include:

a=@, b=8, c=(, d=6, e=3, f=#, f=£, g=9, h=#, i=1, i=!, k=<, l=1, l=i, o=0, q=9, s=5, s=$, t=+, v=>, v=<, w=uu, w=2u, x=%, y=?

For high-security applications, munging may not be very effective, because it only adds 2-3 bits of entropy, thus increasing the time needed to perform a brute force dictionary attack by a factor of 4–8. It should also be noted that hackers are aware of such substitutions and will be in their arsenal of techniques to try first when attempting a dictionary attack to beak the password.


NAS Drive – NAS stands for Network Addressed Storage. This is a disk drive that is external to a PC but is accessed via the internal network by PC’s and other devices. They come in various capacities, from consumer models to much larger models used by businesses.

NeoBanking – This refers to a growing wave of 100% digital banks, which are customer-driven by nature and with a special focus on delivering friction-less money management and payment experience. 

Nigeria Scam – Sometimes called 419 or African Scam, is a scam where the scammer gives the impression you can gain a large amount of money and only requires bank information to deposit the money into your account. In reality, the bank information is used against the person or the deposits are kept with no reward. This is typically done over email but can also be done over instant messaging platforms. The 419 scam is named after the penal code that it is prosecuted under in Nigeria, Africa.


Online Survey Scam – This is a web site that says they offer money or gift vouchers to participants for answering questions. Usually, these sites ask the user to spend an unreasonable amount of time, for insufficient payout. Often, the promised money or vouchers are never payed out. The main goal of an online survey scam is to obtain demographic information that the site may sell to spammers or other marketers.

Open Redirect – This is when a legitimate site allows unauthorized users to create URLs on that site to redirect visitors to other sites. For example, Google has an open redirect at the URL[url]

This can be used by anyone, including attackers, to redirect a visitor through Google’s site to another site. See also our blog on this subject for more details.

Operating System – This is the software that comes with your device that allows you to interact with the device. Typically this is Android, IOS, MAC OS or Windows 10.


Packet Capture – This is the process of intercepting and logging network traffic.

Packet Sniffer/Analyser – This is a computer program or piece of computer hardware (such as a packet capture appliance) that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. See also Packet Capture, WiFi Analyzer, Wireless Analyzer. A packet analyzer can also be referred to as a network analyzer or protocol analyzer though these terms also have other meanings.

Password – This is a secret set of characters that is used to authenticate a user to a website or software service that is accompanied also by a user name. It is sometimes accompanied by other factors for authentication purposes (see Two factor Authentication).

Password Spraying – This is when an attacker takes a known password, and attempts to use it on multiple accounts. This is similar to credential stuffing. The defence against this kind of attack is to ensure you have different passwords for each account you use and where possible use 2-factor authentication. See my Guidance on the Effective Use of Passwords.

Penetration Test – This is an authorised simulated cyber attack that seeks to discover any vulnerabilities in computer systems. The process typically uses the same techniques malicious hackers would use, but instead of using this knowledge to cause harm, the vulnerability is responsibly disclosed. This is sometimes abbreviated to PenTest.

Pen Drive – This is a portable and very compact USB storage device based on Flash memory. They come in various sizes and capacities and can typically be attached to a key fob. They are highly useful for storing files on temporarily while you are transporting the data. The USB interface comes in all popular forms (Type A/C).

Penetration Tester – This is typically an ethical hacker that exercised authorised penetration testing (see Penetration Test above).

Pharming – An attack method that focuses on the network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing – This is typically when you receive an email that claims to be some form of offer, or request for information that is fraudulent. The emails can look genuine (e.g. form your bank), and can trick a lot of people into disclosing their login credentials or key banking information. among other things. See also Lateral Phishing.

Phrase Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses combinations of words, phrases or known passwords to gain access to a computer system. Typical phrases can be drawn from literature quotes, song titles, etc. This is often a refinement of a dictionary attack.

Physical Hacker/Penetration Tester – This is where a penetration tester (or hacker) will attempt to get physical access to buildings, and in particular computing resources, to execute cyber attacks that require physical access to the actual computers to execute (ones that cannot be executed remotely). This is often used by organizations to test the physical security of their establishments to stop unauthorised access to sensitive areas and/or information and to test their procedures around physical access to physical resources (buildings, data centres, secure rooms).

The Physical Penetration tester will use a number of techniques to gather enough information to gain access, including:

  • Social Engineering
  • Physical Reconnaissance/Stake-Outs
  • Getting building plans from local authority planning departments
  • Evaluating employee dress styles so as to better fit in when accessing the building
  • Where people smoke
  • Evaluating services that regularly visit the site (e.g. electrical, plumbing, air conditioning, cleaning staff)
  • Types of entry controls (e.g. badge activated door locks, types of physical locks)
  • Secluded entry, e.g. a fire exit that is not visible from the street and may not have the same level of security as the main door
  • Surveillance systems (e.g. CCTV, intrusion detectors, motion detectors, alarm systems).

Police Browser Lock Scam – This is where of your web browser’s full-screen mode is used to show a fake Windows 10 desktop (MAC or any other operating system) stating your computer is locked. The scammer often which pretends to be law enforcement locking your browser due to illegal activity. These scams then state that if you pay a fine via a credit card, it will unlock your computer so you can use it again.


Quality of Service – This is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. It can also refer to the description or measurement of the overall performance of a service, such as a telephony or computer network or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.


Ransom Ware – This is a form of malware that typically encrypts your files on your computer and forces you to pay the hacker (normally in some form of Crypto Currency) to provide the key to decrypt your files. In many cases there is no intention by the cyber criminal to provide the unlock code, and you will be left with a totally encrypted, and therefore useless, system. This form of attack often uses a social engineering method to implant the initial malware, or some other vulnerability within the computer system.

Red Team – This is typically an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. In the context of Cyber security a Red Team will be a group of white hat hackers that engage in the following to test the security level of a company:

  • Offensive Security
  • Ethical Hacking
  • Exploiting vulnerabilities
  • Penetration testing
  • Back Box Testing
  • Social Engineering
  • Web App Scanning.

See also Blue Team.

Reflective DDos and Amplification Attacks – In initiating a DDoS attack, a hacker would look to utilize a vulnerability, or in some cases a feature, of a system to amplify the number of packets sent to its target. Typically for every packet, or request, sent to a server, the server would return a larger number of packets that can be spoofed to come from the target system. In this way the hacker can engineer a DDoS attack with very little investment from themselves in setting up an extensive botnet.

Refund Scam/Fraud – This is the act of defrauding a retail store via the return process (could be a high street store or an online store). There are various ways in which this crime is committed, for example, the offender may:

  • Return stolen merchandise to secure cash
  • Steal receipts or receipt tape to enable a falsified return
  • Use somebody else’s receipt to try to return an item picked up from a store shelf.

Remote Desktop Protocol (RDP) – What this does is allows a user to initiate a connection to a remotely accessible PC/Server via a network that allows the user to interact with the remote machine as if it was local. This feature actually displays the desktop as if you were directly logged into the machine locally. This is a very useful feature as it allows someone to manage servers and PC’s remotely and is a feature actively used by system administrators in just about every kind or organisation. It is also used to access desktop PC’s via corporate VPN’s which means the user does not need an expensive company supported laptop to work remotely – they can just login via their home PC.

Responsible Disclosure – Computer systems are often very complex beasts, that are developed by people with varying degrees of skill, who often make mistakes that allow an attacker to exploit a weakness in the system. Security researchers are always looking or these types of mistakes so that they can be responsibly disclosed to the vendor of the system for them to be fixed. The type of disclosure varies, but often the vendor is given a period of time (say 90 days) to fix the issue and provide an update closing the vulnerability. Once the vulnerability is made public, the vulnerability is immediately exploitable unless a patch has been deployed and installed on all affected devices. This is why you should always install security updates on your devices, and in the case of phones/tablets ensure your vendor actively patches your device.

Romance scams – Dating apps and websites are gaining popularity worldwide, which gives scammers a platform to lure money from love-searching individuals. These scams, like many others, can be executed anywhere in the world, thus people must be very careful who they decide to trust online.

Root Certificate – This is a public key certificate that identifies a root certificate authority (CA). Any website accessible over https needs to be signed by a root certificate to ensure its authenticity. If you want the technical detail I suggest you look at this Wikipedia Page.

Root Kit – This is a form of malware that often sits in the background gathering information, and in most cases the victim won’t even know it is there. The software can also act as a backdoor allowing the attacker access to otherwise inaccessible parts of the system. Root Kits can reside in the lowest levels of the system (kernel), and can often reside in an area of the hard drive where the operating system resides (boot drive) and can be activated at boot time before all the normal defences are in place. These are particularly an issue with systems that don’t support a secure boot process.

Rooted Device – This normally refers to phones/tablets (both Android and Apple), where changes are made to the boot sequence to allow the user full access to the operating system. In this way you can make changes to the underlying OS. However, in doing this your device becomes much less secure and more vulnerable to malware. You may also void your warranty. This is also referred to as ‘Jail Breaking the phone.

Router – This is a device that allows other devices to communicate with other networks and/or the Internet. It often sits on the boundary of a network between the internal network ad the outside network. It can also sit internally to the network that bridges between internal networks. Consumers will often relate this to WiFi routers or WiFi access points.


Safe Mode – This relates to a mode you can boot your device into that only boots the parts of the operating system that it needs to provide essential functions. It is a mode that allows you to determine of problems with your device are related to an app or hardware drivers and often allows you to perform removal actions to fix the issue. Booting your device into Safe Mode will depend on the device you have and in some cases the manufacturer. A simple internet search should find the method for your device.

Scam – This is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person. With the world becoming more connected thanks to the Internet, online scams have increased. Scams often fall into the following categories:

  • Phishing, and Social Engineering in general
  • Auction Fraud
  • Donation Scam
  • Catish
  • Cold Call Scams
  • Chain mail
  • Online Survey Scams
  • Crowdfunding scams
  • Sextortion email scams
  • Amazon Prime scam

See definitions for the above in other parts of this glossary.

Script Kiddy – A script kiddie (also called a skiddie, or skid) is typically an individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. They generally lack the skill to write such scripts and programs themselves. This does not relate to the age of the individual concerned. The term is considered to be derogatory in popular hacking culture.

SDK Spoofing – This is also known as traffic spoofing or replay attacks. It is the creation of illegitimate installs using data of real devices.

Security Update/Patch – Providers of software packages and operating systems will often maintain their products for a period of time following release with updates that close security vulnerabilities. If you are on an flagship smartphone, or you have Windows 10/MacOS on your PC, you will see monthly updates named ‘Security Update’s that install updates to close vulnerabilities that have been reported to the vendor (see also ‘Zero-Day Vulnerability below). It is very important that these updates are provided and installed immediately, but not all devices are supported in this way. This is distinct from Feature Updates, or OS upgrades, which update the version of the Operating System (e.g. Windows 10, MacOS, Android, IOS) or software package to a new generation of the software.

Server – This is typically a dedicated computer system, often a cluster of individual computers working together, that provide the back-end services that make your applications work. These computers host databases and other software commonly referred to as the applications back-end. For example, IMDB on Android/IOS is effectively a front end to a server that hosts a database and set of search engines that deliver the movie information you request.

Server Side Request Forgery – (SSRF) These let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target internal systems that are behind firewalls and are not accessible from the external network. An attacker may also leverage SSRF to access services available through the loopback interface ( of the exploited server. SSRF vulnerabilities occur when an attacker has full or partial control of the request sent by the web application.

Session Cookie – This is a Browser Cookie that allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page. The most common example of this functionality is the shopping cart feature of any e-commerce site. When you visit one page of a catalog and select some items, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to check out. Without session cookies, if you click CHECKOUT, the new page does not recognize your past activities on prior pages and your shopping cart will always be empty. Session Cookie –

Sextortion Email Scam – This is a form of blackmail where a perpetrator threatens to reveal intimate images of you online unless you give in to their demands. These demands are typically for money, further intimate images, or sexual favours. Perpetrators commonly target their victims through dating apps, social media, webcams or adult pornography sites. While sextortion can be committed by individuals, organised crime is commonly behind it. In most cases, your computer has not been hacked and there is no content. However, the basis of the threat is feasible but in most cases not probable.

Side Jacking – This is a cyber attack where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.

SIM Jacking – Sometimes also called SIM Swapping. These attacks allow hackers to take over a person’s cell phone number and usually their digital life along with it. Threat actors typically start by social engineering their way into getting an employee at a cell phone carrier company to port over a phone number to another SIM card. Essentially, they bribe these employees with cryptocurrency or PayPal transfers to have them swap cell service from a victim’s device’s SIM card over to a SIM card in the attacker’s possession. From there, they can take over their victims’ email, social media and financial accounts, extorting cryptocurrency for returned control. Common targets include celebrities or social media influencers, high-profile employees.

Smishing – This is a social engineering attack similar to Phishing, but instead of email they use SMS texting to deliver the request for information.

SMS Fraud – See Smishing.

Social Engineering – The physiological manipulation of people to trick them into divulging confidential information that can be used to hack into websites and other computing resources. There are various forms of social engineering (the definitions are posted throughout this page):

  • Baiting
  • Impersonating
  • Pharming
  • Phishing
  • Smishing
  • Spear Fishing
  • Tailgating
  • Vishing
  • Water Holing
  • Website Cloning
  • Whaling.

See definitions for the above in other sections in this glossary.

Software as a Service (SaaS) – This is a distribution model for software, whereby instead of downloading the software to run locally on your PC, the program is hosted by a third-party provider, and then accessed by users over the internet, typically through a web browser interface.

Software Defined Perimeter – (SDP) This is an alternative technology to a VPN. It is designed to address the way we use the Internet and the technologies it enables. It does this by establishing dynamic, one-to-one, micro-segmented network connections between users and the resources they have authority to access. SDP supports a  Zero Trust model, which means that each time a user (be they human, IoT device, or AI programme) attempts to access a resource they will have to be authenticated and authorised, using multiple checks, before gaining network access. All other resources that users haven’t been authorised to access will remain invisible to them. This is in stark contrast to traditional VPNs where once someone has access to one part of the network they can see and gain access to everything, regardless of whether it’s relevant to them.

To simplify things, picture a hotel. In a VPN solution any user allowed through the main doors will be able to access any and all rooms. In contrast, in a SDP solution, a single room will be visible and multiple keys required to unlock that one door. 

Spear Phishing – This is similar to the other forms of Phishing (including Vishing and Smishing), where the attack is very focused on an individual. The email will be highly customised to the individual, and is a regular attack method used against enterprise executives. They will typically focus on a particular aspect of your professional interests and requires the attacker to fully research their target.

SpearPhone Attack – This is a way to eavesdrop on people’s mobile phone calls that makes use of on-board accelerometers (motion sensors) to infer speech from the devices’ speakers. This is a result of recent research where the researchers discovered that any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. Because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or live streaming them back to an adversary, who can analyze and infer private data from them. The research specifically focused on Android based devices, but could be applied to any type of device that processes speach and has an accelerometer.

Spyware – This is a form of ‘Greyware’, bordering on malware that is often installed without the users consent and then attempts to exfiltrate information from the system. This could be system based information, information about your internet usage or private/confidential information. A Key Logger is a form of Spyware, but typically anything that is installed without the users direct consent (implied or otherwise) can be categorized as Spyware.

Steganography – This is a way of encrypting data in plain sight, normally in pictures or text, and if often used for malicious intent. This can also be used to hide malware installers that exploit a vulnerability is a software application (e.g. Adobe Acrobat, Microsoft Word) that are used to read the text/picture.

Supply Chain Compromise Attack – This is the direct manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain including:

  • Manipulation of development tools
  • Manipulation of a development environment
  • Manipulation of source code repositories (public or private)
  • Manipulation of source code in open-source dependencies
  • Manipulation of software update/distribution mechanisms
  • Compromised/infected system images (multiple cases of removable media infected at the factory) [1] [2]
  • Replacement of legitimate software with modified versions
  • Sales of modified/counterfeit products to legitimate distributors
  • Shipment interdiction.

Surveillance Alliances – the “5 Eyes”, “9 Eyes”, and “14 Eyes” global surveillance alliances are a group of countries that have aligned themselves to share intelligence relating to all manner of threats. They are increasingly discussed terms within the privacy community. This is especially true when discussing privacy tools, such as VPNs. These terms are references to global surveillance alliances between the US, UK, Australia, and several other countries around the world as follows:

  • 5-Eyes Alliance includes the USA, Canada, UK, Australia and New Zealand
  • 9-Eyes Alliance includes France, Norway, The Netherlands and Denmark in addition to the 5-Eyes countries
  • 14-Eyes Alliance includes Germany, Italy, Spain, Belgium and Sweden in addition to the 5-eys and 9 eyes countries.

There is an extensive Wikipedia article on the web that goes into this in a lot more detail.

System Backup – This is an image of your computers operating system that can be stored separately from your computer and used to restore it back to a known configuration in the event of a failure (however caused) or to restore following a cyber attack (e.g. ransomware). These are typically installed by PC manufactures and often provide customised software to restore the PC back to factory conditions. See also our blog post of Backing up your data.


Tailgating – This is where an attacker typically gains access to a building/restricted area by coming in behind an authenticated person. Often the person will look like they are trying to find their pass, or claim they left it at their desk, but they are actually trying to gain access on the back of your authentication. This is more an issue for enterprises, but can also affect consumers in more social contexts e.g. when at the gym and someone tries to gain access without paying or for nefarious purposes.

Threat email / Personal Content Scam – This is where the sender claims to own some personal content involving you. The scammer will generally threaten you to disclose the-said material if you do not use the provided link to send them money them money. See also Sextortion.

TOR Browser – See also ‘TOR Network’ below. This is a Web Browser based on the FireFox browser that has been configured specifically fr privacy and routing all requests through the TOR Network.

TOR Network – This is a network provided by the TOR Project that is focused on total privacy. The US Naval Lab in the 1990’s asked themselves if there was a way to create internet connections that don’t reveal who is talking to whom, even to someone monitoring the network. Their answer was to create and deploy the first research designs and prototypes of onion routing. The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. The Tor Project, Inc, became a US 501(c)3 nonprofit in 2006, but the idea of “onion routing” began in the mid 1990s.

Tracking – This is the collection of data regarding an individual’s identity or activity across one or more websites using a variety of techniques including tracking cookies, specially crafted URL’s, Browser Fingerprinting, redirects and hyperlink auditing. Even if such data is not believed to be personally identifiable, it’s still tracking. There are several forms of tracking, for example:

  • Cross-site tracking (tracking across multiple first party websites)
  • Stateful tracking (tracking using storage on the user’s device)
  • Covert stateful tracking (is stateful tracking which uses mechanisms that are not intended for general-purpose storage, such as HSTS or TLS)
  • Navigational tracking (tracking through information controlled by the source of a top-level navigation or a sub-resource load, transferred to the destination)
  • Fingerprinting, or stateless tracking (tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage)
  • Covert tracking (includes covert stateful tracking, fingerprinting, and any other methods that are similarly hidden from user visibility and control).

Trojan Horse – Sometimes just called a Trojan. In the context of malware, this is a piece of software that looks benign, but actually is disguised malware. This malware is typically used in combination with a social engineering attack. The actual purpose of the malware has many forms, but a lot of them install a back door to critical systems that allows attackers to perform additional cyber attacks.

Two Factor Authentication – Typically a user access a computer system by entering a username and password. Where two factor authentication is in place, the user must also provide an additional code/password/passphrase to gain access. This is typically a 6 digit code provided by SMS or by an authenticator app on your phone. This is a stringer form of security/authentication since it is provided by something you know (a username password) and something only you possess (an authenticator app on your phone). A second factor could also be a bio-metric factor, e.g. a fingerprint or iris scan.


Unified Communications as a Service (UCaaS) – This is a service that offers the opportunity to integrate multiple communication methods through a single cloud provider, including enterprise messaging, telephone communication, and video conferencing. This can be integrated into call center services, such as call routing, and call centers, with additional functionality when combined with contact management software. 

User Data-gram Protocol (UDP) – Sometimes referred to as UDP/IP, this protocol was introduced in 1980 and is one of the oldest network protocols in existence. It’s a simple OSI transport layer protocol for client/server network applications, is based on Internet Protocol (IP), and is the main alternative to TCP. Traffic over this protocol cannot be encrypted.

Username – This is a piece of data used to authenticate a user to a website or software service. It is normally accompanied by a password and sometimes other factors to authenticate a user. See also Password and Two Factor Authentication.


Virus – This is a malicious program/malware that exhibits a lot of the characteristics of biological viruses, in that they can self replicate and use the host system to propagate themselves into otherwise unaffected parts of the compute systems by attaching to existing files in the system. They typically exploit vulnerabilities in existing software. They can infect host systems via many methods, including social engineering and targeted attack on unsecured systems.

Vishing – This is a social engineering attack method similar to Phishing, but this is where the attacker will contact you by phone and request you divulge confidential information.

VPN Provider – This is a company that provides services to provide Virtual Private Network to both consumers and business. There are often free options which are supported by advertisements and often limited in bandwidth as well as paid options that provide better bandwidth and privacy options.

Vulnerability – In this context, this relates to a bug, or error, in the coding of a computer system that allows a cyber attacker to gain access to a computer system. This will typically result in the attacker injecting some form of malware and/or attempting to gain elevated privileges so that they can act as someone who has some form of administrative access to the system. In this way they can roam the system without any restrictions, install malware and extract information (data breach) unhindered.


Water Holing – This is where a fake website is posted that you implicitly trust (e.g. Amazon), but actually is a clone of the website designed to extract personal information. The victim will feel safe in the fact that they trust this site, and often now are posted using an HTTPS secure site. See also ‘Website Cloning’ below.

Web Cache – As part of the web delivery system, web pages are cached at various points along the way to speed up local delivery. Services like CDN’s (Content Delivery Networks) provide these cached web pages in locations that are closer to the delivery point, but are constantly refreshed to keep the content up to date. By accessing a website, it is likely you are not the first to access that same page and therefore accessing a cached version of the page. If you add new content to a website, you will often find that it takes a few minutes to see it in your browser due to the caching mechanism.

Web Cache Deception Attack – This is where the adversary forces initiation of a website request with the goal of having a web caching service interpret the request differently than the origin web server would. The attacker attempts to trigger the caching of content that the origin would typically not allow to be cached. Many web servers will, if given a request for a non-existent object /a/b/c/d, will use /a/b/c or /a/b (if they exist), to process the request. This is used in many dynamic applications like ticketing system. In this attack, the attacker adds to the URL of a dynamic, uncacheable page a structure that ends in a commonly cacheable filetype (.jpg, .css., et al), with a target of having it cached.

Website Cloning – There are legitimate reasons why you would want a copy of your live website, e.g. to diagnose a bug. There is software available that allows you to download the publicly available contents of a website and store it locally – a clone/copy of the website. Cyber Criminals can also clone websites with the intention of imitating the legitimate website for nefarious reasons. They will typically infect the clone with malware, post it at a similar URL/address to the target and get victims to access the site normally via some form of Phishing attack. Once the clone is accessed, and the hackers have what they want, you are typically redirected to the genuine site. See also ‘Water Holing above.

Web Skimming is a form of internet or carding fraud whereby a payment page on a website is compromised when malware is injected onto the page via compromising a third-party script service in order to steal payment information.

Website Spoofing – This is where a fake website is built with the goal of misleading users, gaining their trust, and assuming the identity of a legitimate group or organization. The spoof website will frequently adopt the design of the target website and sometimes mimic the URL with alternate characters. A more sophisticated attack can involve the perpetrator building a ‘shadow’ version of the World Wide Web by routing all of the user’s web traffic through the attackers console. This type of attack captures all of the victims sensitive information. Another method used by domain spoofing attackers is to use a cloaked URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website. See also Website Cloning and Domain Typo Squatting.

Whaling – This is a highly focused form of Phishing attack that is largely targeted at executives. This is similar to Spear Phishing.

White Hat Hacker – See also the definition of Hacker above. Often called a Penetration Tester, this is a hacker that is typically authorised to test the security or integrity of computer systems and responsibly disclose such vulnerabilities. They will typically use the same skills and tools as a Black Hat Hacker.

Wireless Analyzer/WiFi Analyzer – A Packet Analyzer used for intercepting traffic on wireless networks

Wiper – A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files.

Wire Tapping – This is a form of electronic eavesdropping where an attacker will install some device, or software, that allows them to listen in to conversations and/or data transmissions across electronic mediums (e.g. telephone lines, fibre optic cable, wireless/radio communications). It is a form electronic surveillance, often used by law enforcement under a court order, but is also used illegally by cyber criminals to gather information about an organisation as part of a wider cyber attack. This can provide the material needed for a Spear Phishing attack. Wire tapping is not a preferred method of gathering information, as there are other methods that are easier to exploit (e.g. the results of a data breach, or the many social media sites and search engines not withstanding dedicated hacking tools). A wire tap can also be easily detected through discovery of the actual equipment attached to the line, or through monitoring delays in transmission.

Worm – This is very similar to a virus, in that it is self replicating, but typically does not attach to existing files in the system to do so. They often use the computer network to spread their payload. They are often delivered using a social engineering attack via email or instant messaging.


XML – eXtensible Markup Language. XML (similar to HTML) uses tags to markup a document, allowing the browser to interpret the tags and display them on a page. Unlike HTML, XML language is unlimited (extensible) which allows self-defining tags and can describe the content instead of only displaying a page’s content. Using XML other languages such as RSS and MathML have been created, even tools like XSLT were created using XML.

XMPP – eXtensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service, and use it to interact with any other XMPP service.


Tottabyte – often abbreviated as YB, this is equal to 1,208,925,819,614,629,174,706,176 (280) bits, or 1,000,000,000,000,000,000,000,000 (1024) bytes and is the largest recognized value used with storage.


Zero-Day Vulnerability – Also known as 0-day. This is a vulnerability that is not previously known to the developer of the software. As a result, hackers may exploit this vulnerability with some impunity and may be actively exploiting it in the wild before it is known to the developer, or people interesting in mitigating the flaw. Once it is known to the developer of the software, they effectively have zero-days to provide a fix.

Headline image provided by Edho Pratama on UnSplash