Glossary of Terms

Glossary of privacy & security terms

Adware
Software that is unknowingly downloaded and installed on your computer. It goes beyond reasonable advertising, continually generating pop-up ads while you are web browsing. Not all adware is harmful, but often users are annoyed by its intrusive behavior.

Antivirus software
Computer programs that scan for, detect and eliminate malicious software and viruses from your computer. You should periodically download the latest versions of antivirus software to protect your computer from new viruses. No antivirus software offers total protection so it is important to only download programs from secure sites or open email attachments if you know the sender.

Backdoor
A method of bypassing standard authentication procedures while attempting to avoid detection. A backdoor may be installed on an individual's computer through a vulnerability in the operating system or through an existing piece of malware, such as a Trojan horse, worm, or rootkit. The backdoor turns the computer into a zombie, enabling attackers to run scripts to invisibly surf the net, load and reload pages that support ads, and click on ads.

Bot
A software application that performs automated tasks online. These tasks are generally simple and structurally repetitive, such as web spidering. Bots can be used maliciously to commit click fraud by botnets through a command-and-control infrastructure. Newer versions of bots can scan their hosts for vulnerabilities and weak passwords.

Botnet
A botnet is a number of Internet computers that have been infected and set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based.

Credit monitoring
Immediately reports all changes and inquiries made to your credit report. If your identity or other confidential personal information has been compromised, you will be able to identify it by monitoring your credit history.

Encryption
One of the most effective methods for making sure information on a website or in an email message cannot be read by a third party. The technique involves scrambling data entered on websites to make it unintelligible to unauthorized parties. Encryption is often used on websites that conduct ecommerce and store personal information.

Firewall
A firewall is a system that prevents unauthorized access to corporate, private and home networks. It is similar to a locked door that can only be opened with the proper key. An enterprise with an intranet that allows its workers access to the wider Internet typically will install a firewall to prevent outsiders from accessing its own private data resources.

Identity theft
This occurs when your name and personal information are stolen and used for fraudulent purposes, typically for financial gain. Identity Theft is most commonly used in relation to credit card fraud.

Key-logging software
This software monitors each keystroke a computer user types on a specific computer keyboard. Key loggers are widely available on the Internet and can be used by anyone for malicious intent. It is almost impossible to detect a key logger on your computer and, even if you're careful, you'll never know if it is recording information such as bank account passwords and credit card numbers. The best rule of thumb is to carefully monitor what you download and what sites you visit.

Malware ("malicious software")
This is any software developed with the purpose of destroying or harming your personal computer or a computer network.

ONBSecure
This added layer of security for your Online Banking account works by learning and monitoring your Online Banking pattern – what time you typically log on, what computer or computers you tend to use – and asking you to answer a pre-determined security question once a month or whenever this pattern is broken.

Pharming
This practice redirects users to a fraudulent website without their knowledge when they type in a legitimate website address. This is usually the work of a Trojan Horse or other related virus.

Phishing
"Phishing" (pronounced "fishing") is the act of sending an e-mail that fraudulently represents a legitimate company and "lures" you into divulging personal and financial information that could then be used for identity theft. Phishing is becoming more popular because of the ease with which unsuspecting people often divulge personal information to phishers, including Social Security numbers and mothers’ maiden names.

PIN (Personal Identification Number)
A confidential number created in order for a system to authenticate you as the proper user, often used for ATM access with a banking card.

Pop-ups
Unwanted advertising that appears when you are connected to the Internet. Pop-ups usually appear as new, small browser windows. They are a intended to increase web traffic or capture e-mail addresses. Many web browsers now allow users to block pop-ups completely.

SSL (Secure Sockets Layer)
A protocol designed to create a secure connection over the Internet while web browsing. SSL works by creating a temporary, shared code between two computers, allowing you to transmit personal data securely. A site using SSL will display the image of a lock in the bottom-right corner of the status bar. You also may set your browser to alert you if you enter a site not secured through SSL.

Shoulder surfers
People who stand behind you at ATM or debit card machines and try to steal your PIN numbers and passwords as you type them in. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form or enter their PIN at an automated teller machine.

Skimming
Thieves implant a data storage device at an ATM or retail checkout terminal that reads (or "skims") the magnetic strip on your credit or debit card. You still have your card, but the thieves have your card number and can create a counterfeit version of your card.

Social engineering
Obtaining confidential information through the manipulation of legitimate users. A social engineer commonly uses the phone or Internet to trick people into revealing sensitive information. Social engineers exploit the natural tendency of a person to trust their word, rather than exploit computer security holes. The simplest ploy is to pretend to be an administrator and request a password for various purposes.

Spam
Unwanted or unsolicited messages, usually sent in mass quantities through e-mail.

Spyware
A software application that can be remotely installed (by a pop-up or virus) on any computer that you are using (your home PC, an Internet café, library computer, etc.) without your knowledge. Spyware lets a thief track everything you do online. More benign programs attempt to track what types of websites a user visits then sends this information to an advertisement agency. More malicious versions try to intercept passwords or credit card numbers.

Trojan horse
A computer program that masquerades as something it isn't, such as a game, and performs a destructive activity once it is run, such as stealing a password or destroying data on your hard drive. A Trojan Horse is technically a normal computer program and does not possess the means to spread. It relies on fooling people to perform actions that they would otherwise would not perform.

Vishing
A practice of tricking someone over the phone into giving out personal and financial information. The victim usually receives an automated call telling them their credit card has been used fraudulently and provides a phone number for them to call and report it. The phone number is usually answered by an automated service that proceeds to ask the victim for credit card information, PINs, Social Security numbers, etc. Once the victim enters the information, the visher can use it for unauthorized charges.