Internet crime, also known as cybercrime, is an umbrella term for a wide range of offenses directed at IT systems, data networks, and the internet in general. These attacks in cyberspace can be personally motivated, as in the case of cyberbullying, but the criminals are mostly out to make a fast buck.
Cybercrime can affect individuals, companies, political and cultural institutions, government bodies or education institutions like schools or universities. We’ve collected some of the key terms relating to crime on the internet in our glossary.
Advance payment fraud is basically any form of fraud in which an advance payment must be made in order to subsequently receive a product or service.
Attack or cyberattack: a targeted strike against an important and usually large computer network. Cybercriminals often attempt to bypass security systems or feed malware into a system so as to extort money from a company, steal information from it or sabotage its business.
Cyberbullying (also known as online bullying or internet bullying): a term that covers various forms of insulting, defamatory, coercive or threatening behavior or harassment via social media platforms, websites, chatrooms, instant messaging or cellphone. It is on the rise and among the greatest threats facing anyone who uses the internet and social media.
Data leak: an incident in which unauthorized parties gain access to a collection of data – most commonly user names and passwords. In the broader sense, it can also refer to the unwanted deletion of data.
Data misuse: use of data for criminal purposes without the data owner’s permission. Cybercriminals employ tactics such as phishing or hacking to steal personal information like passwords or login details and use them to obtain money as quickly as possible. This can cause substantial losses for victims, who sometimes face a long fight to regain control of their own identity.
Doxing: collecting and publishing personal information from various online sources. Many doxing attacks only employ information from the public domain, such as photos on social media, websites or online phone books. This information is bundled together and presented in a new context, which can cause serious harm for victims – often politicians, sportspeople or celebrities.
Fuzzing (also known as fuzz/robustness/negative testing): a simple method of testing software. Hackers use this essentially harmless technique to bombard computers with masses of random data until they crash or reveal vulnerabilities.
Fake shop: a fraudulent online shopping platform that demands payment in advance but never delivers the goods it promises. Fake shops tend to stay online only for a short time and can only be identified as fake on close inspection, for example because their real-world address appears strange, they don’t even provide a real-world address or they use a quality label that doesn’t really exist.
Hacking: exploiting gaps in security to break into a third party’s computer system and manipulate, delete or steal data. Hackers are often IT specialists or programmers with criminal intentions.
Identity theft: fraudulent third parties illegally gaining access to an individual’s personal information, such as user names, passwords or bank account and credit card details. Stolen identities are most commonly used to conclude contracts or are sold on the darknet for illegal purposes.
Identity misuse: criminal use of an individual’s personal information, such as bank account and credit card details, date of birth or social security number, by third parties, usually to obtain money.
E-mail bomb: an instrument of cyberterrorism. Cybercriminals send a flood of e-mails – either with or without attachments – to block the victim’s inbox. E-mail bombs can involve up to 1,000 spam e-mails being sent at once, which can tie up a company’s server for hours or even cause it to crash.
Malware: short for malicious software, i.e. programs developed to carry out unwanted and often harmful functions on a target system.
Nicknapping: made up from the words “nickname” and “kidnapping”, a particular form of identity misuse in which cybercriminals use false user names or aliases on forums or chat sites to manipulate others, damage reputations or spy on people.
Pharming: a form of internet fraud in which cybercriminals redirect users to a fake site hosted on their own “server farm”, allowing them to intercept sensitive data like passwords, credit card information, and account numbers without the users knowing.
Phishing: an attempt to collect login or credit card information using fake e-mails, instant messages or websites. The intention is to exploit the user identities stolen in this way for criminal purposes, usually to obtain money as quickly as possible.
Quishing attacks differ from regular phishing attacks in that they use QR codes rather than text-based links in emails. When a user scans the QR code, their device can extract the encoded link and direct the user to this URL. Quishing attacks are significantly harder to recognize and block than regular phishing attacks, because QR codes are pictures that are decoded into URLs rather than plain text in a message.
Skimming: a form of offline crime in which ATMs or access doors to bank branches are manipulated in order to obtain credit card information illegally. The data stored on the magnetic strips of debit and credit cards are read and copied onto other cards. The perpetrators sometimes place miniature cameras near the keypad to record people entering their PIN. They can then use the falsified cards to withdraw money or pay for goods and services at their victims’ expense.
Spoofing: IT jargon for falsifying a trusted identity to gain access to a third-party computer system or network.
SSL encryption: short for Secure Sockets Layer, a standard for encrypted communication on the internet. Data transmission in SSL format guarantees that personal information such as credit card numbers is transmitted in encrypted form – so that third parties cannot manipulate or steal this data during transmission.
Trojan: short for Trojan horse, a form of malware. Disguised as a useful application, a Trojan carries out a hidden, normally damaging function in the background without the user knowing. Hackers use Trojans to gain access to third-party systems. As soon as they have infected a system with a Trojan, cybercriminals have free rein to steal, delete, manipulate, copy or block confidential files.
Virus: in the IT world, a virus is a form of malware designed to spread between computers and cause damage to programs or operating systems. Viruses can adversely affect a computer’s performance, corrupt or delete files or software, or even knock out entire systems. Just like the flu virus, they spread from system to system by replicating themselves.
Vishing is a type of fraud in which scammers trick people into giving out confidential information such as passwords or banking details over the phone. Often the scammers pretend to be from a bank or a government agency in order to gain the victim’s trust so they can obtain sensitive information for fraudulent purposes. The term vishing is a combination of the words voice and phishing, a type of e-mail and text message fraud.
Zero-day exploit: a form of cyberattack focused on a previously unknown software vulnerability. As soon as hackers discover the new weakness, they launch an attack to exploit it on the same day – or “zero day”.
White hat
White hats are the “good guys”, IT experts who use the latest technology to fight cybercrime.
Black hat
Black hats are the “bad guys”, the criminals. They use vulnerabilities and security loopholes in computer systems to infect them with viruses they have written themselves or install malware – usually as a means to obtain money quickly.
Grey hat
Grey hats are somewhere between white and black. They use illegal methods, but they’re not looking to get rich. They might, for instance, discover a weakness in a company’s IT system and make the information public.
Script kiddie
This is a rather derogatory term for amateur black hats with little know-how who often simply download ready-made malware from the internet to attack systems and cause damage.
Industrial espionage hacker
This type of hacker is hired by companies to hack into rival firms’ IT systems in order to spy on them and steal sensitive data.
State-sponsored hacker
State-sponsored hackers are given the means and the time by politicians or governments to attack or spy on other governments, companies or individuals.
Hacktivist
Hacktivists are politically motivated. They might be on a religious mission or intent on uncovering crimes committed by governments.
Whistleblower
Edward Snowden is perhaps the most famous whistleblower of all time. The information disclosed by this former CIA employee lifted the lid on the UK and US intelligence services’ espionage and surveillance practices. A whistleblower is someone who uses their own IT access privileges to inform the general public about injustice.
Cyberterrorist
Cyberterrorists are highly dangerous hackers who mostly have religious or political motives and are only interested in provoking fear and violence. They often attack the infrastructure of a city or an entire country, such as airports or the power grid.