Fraud Speak: Learn the Lingo to Beat Scammers

As you are well aware, hackers and scammers pose an ongoing threat to your payment data. A single data breach can do enough damage to your company’s brand and finances to last years, if not bring an end to, or at least greatly hamper, your business operations. This is one of the reasons why we suggest layering the strongest payment security tools available. But it also doesn’t hurt to stay up to date on the methods that are being used to steal payment data. AARP recently put out an informative article detailing some common scamming terms that you should be aware of. Knowing what types of attacks to look for can make all the difference between staying protected and letting the bad guys right in the front door.

Brute-force attack: A hacking method to find passwords or encryption keys by trying every possible combination of characters until the correct one is found.

Catfish: Someone who creates a fake online profile to intentionally deceive you.

Drive-by download: The downloading of a virus or malware onto your computer or mobile device when you visit a compromised website — it happens without your clicking on anything at the site.

Ghosting: Theft of the identity of a deceased person to fraudulently open credit accounts, obtain loans or get utility or medical services in the person's name.

Hash busters: The random words or sentences contained in spam emails that allow these emails to bypass your spam filters.

Keylogger: A clandestine program that logs sequential strokes on your keyboard and sends them to hackers so they can figure out your log-in credentials.

Malvertising: Malicious online advertising that contains malware — software intended to damage or disable computers.

Man-in-the-middle attack: When a fraudster secretly intercepts and possibly alters messages between two parties who believe they are securely communicating with each other.

Pharming: When hackers use malicious programs to route you to their own websites (often convincing look-alikes of well-known sites), even if you've correctly typed in the address of the site you want to visit.

Phishing: The act of trying to trick you, often by email, into providing sensitive personal data or credit card accounts, by a scammer posing as a trusted business or other entity.

Scareware: A program that displays on-screen warnings of nonexistent infections on your computer to trick you into installing malware or buying fake antivirus protection.

Skimming: The capture of information from the magnetic stripe on credit and debit cards by "skimmer" devices that are secretly installed on card-reading systems at gas pumps, ATMs and store checkout counters.

Smishing: Phishing attempts that go to your mobile devices via text message, telling you to call a toll-free number. Named for SMS (short message service) technology.

Spear-phishing: Phishing with personalized email, often appearing to be from someone you know.

Spoofing: Any situation in which a scammer masquerades as a specific person, business or agency, but typically meaning the manipulation of your telephone's caller ID to display a false name or number.

Spyware: A type of malware installed on your computer or cellphone to track your actions and collect information without your knowledge.

Vishing: Short for "voice phishing," the use of recorded phone messages intended to trick you into revealing sensitive information for identity theft.

Whaling: Phishing attempt on a "big fish" target (typically corporate executives or payroll departments) by a scammer who poses as its CEO, a company attorney or a vendor to get payments or sensitive information.