Phish, Phlash, Spoof: Do You Know Your Cyber Security Vocab?
Phishing attack, spoofing attempt, ransomware, botnets… the lingo surrounding technology can be pretty strange, but it can all lead back to a very real threat to your data if you’re not on top of it. Even worse, new technology and new methods of attack appear practically every day, making it hard for even the most highly-skilled IT professionals to stay ahead of the game.
Here’s a list of some of the typical cybersecurity terms that all tech users should know. It’s by no means comprehensive but instead, is culled from some of the most commonly used terms as they apply to consumer-level cybersecurity.
- AV Software – AV, or antivirus software, is a catch-all name that applies to any software that protects your computer from viruses, spyware, and other malicious software. Depending on the type you purchase, it might run scans from time to time to see if there are any infections on your computer, or it might actually block threats in real-time, preventing harmful software from downloading and installing. It’s absolutely critical that you have AV software installed, and that you update it routinely.
- DDoS attack – These letters stand for distributed denial-of-service attack, and they happen when someone manages to tie up an entire network and make it useless. It’s actually crossed over into ransomware (see below), meaning hackers have launched DDoS attacks that cripple entire websites, online banking systems, and more, and only agree to stop the attack once the victims pay up.
- ISP – ISPs made headlines this month when Congress overturned key Obama-era privacy regulations. ISPs, or internet service providers, are the companies that provide your internet access. Under the new regulations, ISPs can collect important information about you and your internet behavior, and even sell that information to advertisers and other interested parties.
- Password – Why is password even on this list? Shouldn’t you know what a password is by now? Of course you should, but too many people still rely on weak passwords, as well as on passwords that they reuse on multiple websites and accounts. Both of those bad habits can lead directly to a data breach, identity theft, account takeover, or other similar crime. A strong password contains at least 8 characters, and those characters are a mix of uppercase letters, lowercase letters, numbers, and symbols. A unique password is only used on one account.
- Phishing – Just like it’s pronounced, phishing occurs when someone casts out some cyber “bait” and tries to lure you in. This is commonly done through emails but can be done through phone calls, texts, or social media messages. When someone is “phishing,” they’re trying to get you to either turn over information about yourself or others OR to click a link or open an attachment. Doing either of those things could likely install a virus on your computer.
- Phlashing – Phlashing refers to the practice of launching a “permanent” denial-of-service attack (PDos). If someone successfully pulls off a phlashing attack against you, your computer or device will be permanently disabled and nothing can be done to correct it.
- Ransomware – As the name implies, ransomware basically kidnaps your computer or device and holds it hostage until the ransom is paid. Hospitals, medical centers, and schools have become highly sought after targets in recent months due to the fact that they tend to pay up rather than face the hefty fines for breach of confidentiality and loss of service.
- Spoofing – There’s an all-too-common practice when it comes to cybercrime, and that’s “spoofing” someone’s account and pretending to be someone else. A large number of data breaches have occurred as a result of spoofing a boss’ email account, then messaging someone else in the company to request information on customers, employees, or both. Spoofing isn’t always easily identified, but if you know what to look for, you might be able to tell a real account from a fake.
- Two-factor authentication – You’re probably used to logging into at least one internet account by now, but there’s another way to login that adds a layer of security to the process. Two-factor authentication means you have to provide two pieces of information in order to access the account. It might just be a security question that you must answer, as well as provide the password. An even safer method requires you to receive a text message to a previously stored phone number, then enter the code contained in the text along with your password
- VPN – A virtual private network is also making headlines, largely as a result of the ISP news. VPNs serve as a private “tunnel” onto the internet that keeps prying eyes out of your activity. They also help you “pretend” to be somewhere else; that isn’t always a criminal thing, even if it sounds like it. A US consumer traveling to Europe, for example, can’t access his own paid Netflix account due to international copyright licensing. A VPN allows him to pretend to be back home in the US and enjoy his favorite show.
It’s hard to stay on top of the latest cyber security findings, but by keeping an eye out for trends and headlines, you can do a lot to protect yourself. Signing up for scam alerts and following sites like the Identity Theft Resource Center can help you stay informed when new terms—and new forms of attack—arise.
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.