Cybercrime Terms Every Financial Institution Should Know



an·ti·vi·rus (anˌtīˈvīrəs)
Software designed to scan computer files and to identify and quarantine those that are malicious.


black·list·ing (ˈblakˌlist iNG)
The act of compiling a list to be used for controlling or denying access by those who are under suspicion. The list may be of email addresses, users, passwords, URLs, IP addresses, or domain names.


bot·net (ˈbätˌnet)
A large number of malware-infected, internet-connected devices that are used to create and send spam or viruses, or to flood a network with messages as a denial-of-service attack.


crime·ware (ˈkrīmˌwer)
A class of malware, or malicious software, designed specifically to facilitate illegal online activity with the intent of stealing confidential, sensitive data.


Cryp·to·jack·ing (ˈkrip tō jak iNG)
The practice of using cryptomining malware or another delivery mechanism, such as browser-based cryptomining, without the users’ knowledge or permission. The malicious code runs in the background as victims continue to use their computers normally, without any indication that the malware is installed and running. One indicator of an infection is a noticeable drop in device performance, but this can be difficult to detect. (See also: cryptocurrency and cryptomining)


Cryp·to·curr·en·cy (ˈkrip tō kər en sē)
A form of digital money intended to be secure through the use of a technique similar to that used for secure communications. Because it often allows for anonymity, cryptocurrency can be used to make payments without going through banking systems.


Cryp·to·mi·ning (ˈkrip tō mīn iNG)
The process responsible for ensuring the authenticity of the information inherent in cryptocurrency transactions. It involves solving highly complicated mathematical problems; therefore, it requires large amounts of hardware and processing power to be effective. Cryptomining is not illegal.


cy·ber·at·tack (ˈsībərəˌtak)
A malicious attempt by criminals to control, disrupt or damage computers, networks, devices or other technology.


cy·ber·threat (ˈsībərˌTHret)
The possibility of a malicious attempt to control, disrupt or damage computers, networks, devices or other technology.

Cyberthreat Hunting

Cyberthreat Hunting is the proactive process of searching for potentially malicious threats to your network. The process is continuous as the threats and their harmful intentions evolve over time.

Data breach

The release of confidential, secure data to an unauthorized recipient.

Distributed Denial of Service (DDoS)

An attack on an organization in an attempt to render devices or network resources unavailable.

DNS Filtering

The common practice of blacklisting known malicious websites by filtering, or blocking, their domain names and/or the associated IP addresses.

Dwell Time

The amount of time that passes between the date of a security breach and the date the breach is discovered. Also known as “breach detection gap.”


end·point (ˈen(d)point)
In terms of technology and in the context of security, an endpoint is any user device, such as a computer, laptop, mobile device or tablet, that connects to a corporate network, thereby potentially providing a vulnerability that could be exploited by malicious actors.


fire·wall (ˈfī(ə)rˌwôl)
A network security system designed to monitor access requests and determine which to block and which to permit based on predetermined security rules. A firewall is commonly considered the “first line of defense” in IT security.


hack·er (ˈhakər)
A person, with either innocent or malicious intent, who uses computers to gain unauthorized, illegal access to computers, networks, devices or other technology.


hon·ey·pot (ˈhənēˌpät)
A program that simulates a network service and is set up to be vulnerable and easy for hackers to find. It serves as a trap so that IT security team members can log access attempts and be aware of a pending cyberattack.


The act of hacking a bank ATM machine to gain access to its operating code, change passwords, modify withdrawal fees, or simply withdraw cash.


mal·ware (ˈmalwer)
A type of malicious software designed specifically to facilitate illegal online activity with the intent of stealing confidential, sensitive data.


phish·ing (ˈfiSHiNG)
The practice of using emails that appear to be from a trusted source to trick a user into unwittingly providing sensitive information at a fake website. The criminals mimic a trusted organization’s emails and website and typically attempt to obtain user names, passwords or credit card details.


ran·som·ware (ˈransəmˌwer)
A type of malware, or malicious software, designed with the unique intent of encrypting an owner’s data or files and then blocking the owner’s access to them until a specified sum of money is paid.

Rogue Actor

Rogue (ˈrōɡ) ac·tor (ˈaktər)
A person who mischievously behaves in an atypical manner and often causes damage. In the context of cybercrime, a rogue actor is an individual who gains unauthorized access to a network, intent on finding valuable, confidential data.


SELM
An abbreviation for Security Event Log Monitoring, which describes the activity of collecting, reviewing and scrutinizing event logs to identify any potential security compromises or breaches.


SIEM
An abbreviation for Security Information and Event Management, a combination of Security Information Management (SIM) and Security Event Management (SEM) that is designed to provide a holistic view of an organization’s IT security with real-time analysis of security alerts.


spoof·ing (ˈspo͞of, iNG)
An attempt by an unknown, unauthorized source to mimic a trusted source in order to trick the recipient and gain access to a device or network.


spy·ware (ˈspīwer)
Software that is designed to gather user information or monitor activity and send it to another entity without the user’s knowledge or consent.


white·list·ing (ˈwītˌlist iNG)
The act of compiling a list of vetted entities that are permitted to obtain access. Rather than blacklisting and blocking access by known malicious actors, whitelisting provides added security as each member must be granted explicit access.


worm (wərm)
A self-replicating computer program that can run independently, can propagate itself across a network, and may have malicious intent, such as consuming resources destructively. Also known as “cryptowork.”

Zero Day Attack

An attack that takes advantage of a previously unknown flaw or failure in a computer program, giving attackers a head start on malicious activities since the program remains vulnerable until a patch can be developed and applied.