Our last two posts named the various ways that a data breach can occur. That certainly was not a complete list, but it covered the most common ones. Then it occurred to me that some of the data breach terminology used when talking about this subject may be new to many.
So, I thought we’d go with another list. This one covers some of the more common terms used and their meanings. I hope it helps make things a little clearer.
Again, this is far from being a complete list of data breach terminology, but it is enough to get the ball rolling. This list is an excerpt from an article by Sid Kirchheimer in AARP magazine. He is the author of Scam-Proof Your Life, published by AARP Books/Sterling.
Brute-force attack: A hacking method to find passwords or encryption keys by trying every possible combination of characters until the correct one is found.
Catfish: Someone who creates a fake online profile to intentionally deceive you.
Drive-by download: The downloading of a virus or malware onto your computer or mobile device when you visit a compromised website — it happens without your clicking on anything at the site.
Ghosting: Theft of the identity of a deceased person to fraudulently open credit accounts, obtain loans or get utility or medical services in the person’s name.
Hash busters: The random words or sentences contained in spam emails that allow these emails to bypass your spam filters.
Keylogger: A clandestine program that logs sequential strokes on your keyboard and sends them to hackers so they can figure out your log-in credentials.
Malvertising: Malicious online advertising that contains malware — software intended to damage or disable computers.
Man-in-the-middle attack: When a fraudster secretly intercepts and possibly alters messages between two parties who believe they are securely communicating with each other.
Pharming: When hackers use malicious programs to route you to their own websites (often convincing look-alikes of well-known sites), even if you’ve correctly typed in the address of the site you want to visit.
Phishing: The act of trying to trick you, often by email, into providing sensitive personal data or credit card accounts, by a scammer posing as a trusted business or other entity.
Ransomware: A malicious program that restricts or disables your computer, hijacks and encrypts files, and then demands a fee to restore your computer’s functionality.
Scareware: A program that displays on-screen warnings of nonexistent infections on your computer to trick you into installing malware or buying fake antivirus protection.
Skimming: The capture of information from the magnetic stripe on credit and debit cards by “skimmer” devices that are secretly installed on card-reading systems at gas pumps, ATMs and store checkout counters.
Smishing: Phishing attempts that go to your mobile devices via text message, telling you to call a toll-free number. Named for SMS (short message service) technology.
Spear-phishing: Phishing with personalized email, often appearing to be from someone you know.
Spoofing: Any situation in which a scammer masquerades as a specific person, business or agency, but typically meaning the manipulation of your telephone’s caller ID to display a false name or number.
Spyware: A type of malware installed on your computer or cellphone to track your actions and collect information without your knowledge.
Vishing: Short for “voice phishing,” the use of recorded phone messages intended to trick you into revealing sensitive information for identity theft.
Whaling: Phishing attempt on a “big fish” target (typically corporate executives or payroll departments) by a scammer who poses as its CEO, a company attorney or a vendor to get payments or sensitive information.
Has this list of data breach terminology got you thinking? If you think you may be a target of a data breach, you’re probably right. Be sure to contact your independent insurance agent to get the latest information on what you can do in case a breach occurs. Remember, MrInsurability is only a click away!