software that collects and forwards data to advertising companies or causes banner ads to pop up as the Internet is surfed
using software to guess company addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail lists
making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source
unauthorized access, modification or use of a computer system, usually by means of a PC and a communications network.
logic bombs and time bombs
software that sits idle until a specified circumstance or time triggers it, destroying programs, data or both
communications that request recipients to disclose confidential information by responding to an e-mail or visiting a website
attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal and destroy data
tapping into a communications line and entering a system by latching onto a legitimate user
bypassing physical security controls by entering a secure door when an authorized person opens it
truncating interest calculations at two decimal places and placing truncated amounts in the perpetrator's account
scavenging / dumpster diving
searching for confidential information by searching for documents and records in garbage cans, communal trash bins and city dumps
software that monitors computing habits and sends that data to someone else, often without the user's permission
executable code that attaches itself to software, replaces itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays messages.
Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive.
Address Resolution Protocol (ARP) spoofing
Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host's hardware address when only its IP or network address is known.
Taking control of someone else's phone to make calls, send texts, listen to phone calls or read their texts.
Botnet, bot herders
a network of hijacked computers. Bot herders use these hijacked computers, called zombies, in a variety of Internet attacks.
Buffer overflow attack
Inputting so much data that the input buffer overflows. The overflow contains code that takes control of the computer
Caller ID spoofing
Displaying an incorrect number on the recipient's caller ID display to hide the identity of the caller.
Cross-site scripting (XSS) attack
Exploits Web page security vulnerabilities to bypass browser security mechanisms and create a malicious link that injects unwanted code into a website.
Requiring a company to pay money to keep an extortionist from harming a computer or person.
Sniffing the ID of a Domain Name System (server that converts a Web site name to an IP address) request and replying before the real DNS server.
Sending a threatening message asking recipients to do something that makes it possible to defraud them.
A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.
IP address spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system.
Assuming someone's identity by illegally obtaining confidential information such as a Social Security number
Inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means to discover his or her PIN, and then using the card and PIN to drain the account.
Man-in-the-middle (MITM) attack
A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking
Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user.
Penetrating system defenses, stealing passwords, and decrypting them to access system programs, files, and data.
Using a small device with storage capacity (iPod, Flash Drive) to download unauthorized data from a computer
Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering items sold.
Software that conceals processes, files, network connections and system data from the operating system and other programs.
Double-swiping a credit card or covertly swiping it in a card reader that records that data for later use.
Using short message service (SMS) to change the name or number a text message appears to come from.
A spam blog that promotes Web sites to increase their Google PageRank (how often a Web page is referenced by other pages).
Software that monitors computing habits and sends the data to someone else, often without the user's permission.
SQL injection attack
Inserting a malicious SQL query in input in such a way that it is passed to and executed by an application program
Websites with names similar to real Web sites; users making typographical errors are sent to a site filled with malware.
Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to divulge confidential data
Dialing phone lines to find idle modems to use to enter a system, capture the attached computer, and gain access to its network(s).