Glossary

Glossary

⁠Identity theft happens when someone steals your personal information, like your Social Security number, and uses it to commit theft or fraud.

Ransomware is a type of malicious software, or malware, which prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.

Social engineering is the use of deception, through manipulation of human behavior, to target and manipulate you into divulging confidential or personal information and using it for fraudulent purposes. Phishing, phishing campaigns, and spear-phishing are just a few examples of social engineering.

• Phishing is the fraudulent practice of sending an email, which appears to come from a reputable source, to lure someone to reveal personal information or click on a link. Just like when you go fishing, you throw a hook into a body of water to bait a fish to bite on the hook. In this case that’s done by a malicious email.
  
• Phishing campaigns generally target a group of individuals or companies by sending multiple fraudulent, but enticing emails, in the hope that at least one person falls for the bait. These emails are often designed to look official—as if coming from your campaign itself, a trusted vendor, donor, or other known sender. 
  
  Phishing has evolved and now has several variations that use similar techniques: 
  • Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.
  • Smishing scams happen through SMS (text) messages.
  • Vishing scams happen over the phone, voice email, or VoIP (Voice over Internet Protocol) calls.
     
• Spear-phishing is a very targeted and customized email to lure the targeted victim to take action. Typically, the adversary has done some research on the victim to understand what would make this specific person fall for the scam. Criminal and foreign sponsored governments, cyber adversaries, use spear-phishing emails to get access to protected networks. Sometimes simply dropping the name of someone the target knows is enough to lower their guard.

Social networking fraud refers to fraudulent activities that take place on internet and social networking platforms, where individuals or groups exploit the trust and personal connections established on these platforms to deceive and defraud others. It involves the use of social media platforms, such as Facebook, Twitter, Instagram, or LinkedIn, to carry out scams, identity theft, or other fraudulent schemes.

Citation: FBI's cyber website and Protected Voices video