Security Glossary of Terms
Adware is the name for a function within certain software to provide advertising to Customers as they use the software, in order to offset the software development costs. Adware is often confused with spyware and malware, which have potentially malicious effects.
Anti-virus protection software detects, repairs, cleans, or removes virus-infected files. Some anti-virus products also detect and remove spyware, malware, Trojan Horses and other malicious software from your computer. Anti-virus software is usually included with most computer systems and must be regularly updated to be effective.
In the context of commercial banking, dual control is a security function that reduces the likelihood of fraudulent activity against your business account by requiring Automated Clearing House (ACH) originations to be submitted to the bank for processing by two separate users. Dual control makes it harder for criminals to use key stroke tracking programs to intercept your user name and password and gain access to your account.
A firewall is a software or hardware device that limits access to a website, network or computer. Personal firewalls for home or business use are inexpensive and can limit unauthorized access to your home or work computer.
Keylogger (or other malicious software)
A keylogger is a computer program that logs each keystroke a user types on a keyboard and saves this data into a file or transfers it via the Internet to a pre-determined remote host. It also can capture screenshots of the user activity, log-in passwords, record online chat conversations or take different actions in order to find out what a user is doing. Often downloaded inadvertently by users clicking on links in fraudulent e-mails, keyloggers pose the most dangerous threat to user privacy.
Malware (or malicious software)
Malware, or malicious software, is intentionally introduced into a computer system for the distinct purpose of causing harm or loss to the computer system or its data, or to be used as a platform to attack other computers. Malware can be unintentionally installed by clicking a button on a pop-up window or visiting a malicious website. Malware can change system parameters, install additional harmful software and may be difficult for you to remove from your system.
A patch is an update to computer software or a web browser that may fix bugs, add new features or close security holes. Most software vendors release browser or operating system security patches regularly, so periodic maintenance is required to ensure sound system security.
Pharming is a variation of phishing in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Once on the fraudulent site, the user will be asked to submit confidential information and the attackers will capture this information for illegal use.
Phishing (or Spoofing)
Phishing, also referred to as "spoofing", is a type of scam with the intent of capturing personal information such as Social Security numbers, online banking user identification numbers, debit and credit card account numbers, and passwords. The user is typically sent an e-mail which appears to be legitimate, asking the user to click a link to a web page. The page may appear to be from a legitimate website and the attacker will ask the user for their debit card number, PIN, Social Security number, etc. A variant of phishing instructs the user to call a certain 1-800 number to verify account information instead of visiting a website.
"Shoulder surfing" is the practice of peering at somebody's PIN or password to gain illegal access to their personal information.
In the world of computer security, the term "social engineering" refers to tricking someone into revealing information that's useful to attackers, such as a password, via e-mail, telephone or face-to-face.
Experts agree that in most successful cyber-attacks, the human factor is the weak link. Social engineers are merely con artists – often very good ones – who use their powers of persuasion to get victims to act against their own better judgment.
Spam is unsolicited e-mail, often commercial in nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups – electronic junk mail. The Can-Spam Act of 2003 requires spam messages to be labeled and requires an opt-out process. Spam is usually blocked by anti-spam software, which must be regularly updated to be effective.
Spyware is software that may appear as adware, but which is generally used to monitor use of the computer in some way without the users' knowledge or consent. Spyware can potentially record keystrokes, browser history, passwords, and other confidential and private information and report these back to a third party using the Internet. Spyware can also deliver spam or advertising without your notice and consent. Certain anti-virus programs can detect and remove spyware.
Trojan Horse programs
Trojan Horse programs (including Remote Access Trojans or RATS) can be hidden in games, videos, music files or programs downloaded from the internet or e-mail and install a malicious program on the target's computer. Many anti-virus programs will detect and remove Trojan Horse programs, but must be regularly updated to be effective.
Also known as "voice phishing," vishing uses the either a combination of e-mail and telephone or an automated answering service to trick you into providing your personal information.
Similar to computer viruses, worms are programs with the ability to replicate themselves and spread from computer to computer via e-mail or the Internet, often shutting down entire networks.