Cybercrime is a constant threat to businesses, taking many forms and creating different risks, so it is important to understand what you need to protect yourself.  Our cyber experts have put together this glossary of cybercrime terms based on threats they’ve encountered. If there’s a threat you want to know about and we’ve not included it, let us know, and we’ll add it.

Credential Stuffing:

Cybercriminals use stolen or leaked login credentials from one service to gain unauthorised access to other accounts where individuals may have reused passwords.

Data Breaches:

Unauthorised access to and theft of sensitive data, such as customer information, intellectual property, or employee records.

Distributed Denial-of-Service Attacks (DDoS):

Cybercriminals disrupt a business’s online services by overwhelming them with traffic. This can lead to downtime, loss of revenue, and damage to a company’s reputation.

Email Compromise:

Cybercriminals gain access to a business email account and use it to impersonate executives or employees. They may then trick employees into transferring funds, revealing sensitive information, or performing other malicious actions.

Insider Attacks:

Theft of sensitive information and other incidents resulting from employees or contractors with malicious intent, or accidental compromise of security.

IoT Attacks:

Cybercriminals exploit vulnerabilities in connected ‘Internet of Things’ devices to gain unauthorised access to business networks or launch attacks.

Malware:

Cybercriminals use malicious software, including viruses, worms, and trojans, to infect a business’s systems, causing damage, stealing information, or allowing unauthorised access.

Phishing:

Cybercriminals use deceptive emails, messages, or links to websites to trick individuals into providing sensitive information such as usernames, passwords, or financial details.

Quishing:

QR code phishing – where users can be tricked into installing malware on their devices by scanning an unknown QR code.

Ransomware:

A type of malware that encrypts files on a victim’s system, rendering them inaccessible. Cybercriminals then demand a ransom, usually in cryptocurrency, in exchange for the decryption key.

Smishing:

SMS messaging attacks – where a text is sent to try and get users to click on a link or share information, this may install malware on your phone.

Social Engineering:

Cybercriminals manipulate individuals into divulging confidential information or performing actions that compromise security. Can include pretexting, baiting, or quid pro quo tactics.

Supply Chain Attacks:

Cybercriminals gain unauthorised access to systems or spread malware through a business’s suppliers or partners.

Vishing:

‘Voice – Phishing – where personal or financial information is attempted to be gathered from a phone call.

Whaling:

A type of phishing attack that targets the most senior members of an organisation through fraudulent emails, text messages or phone calls to extract sensitive information.