
Cybersecurity Glossary: Part 2

Cyber threats and the tools and technologies we utilize to defend ourselves are constantly evolving. The best approach to security is a multi-layered one that includes strengthening the “human firewall.” You can help protect your business by staying informed on cybersecurity attacks and associated jargon. Here’s a list of terms that we get asked about all of the time in client conversations. We hope it helps you better understand the current threat landscape!
Phishing
The process of attempting to acquire confidential information, such as usernames, passwords and credit card details, by pretending to be a trustworthy person, using bulk email that tries to evade spam filters. These emails often appear to come from popular social media platforms, banks or delivery companies.
Smishing
Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing. Victims are persuaded to give up sensitive information to a hacker.
Spear Phishing
Like phishing attempts, spear phishers use email to urge a victim to click on a malicious link or attachment. However, unlike phishing, spear phishers carefully research their targets, so the attack appears to be from trusted senders in the target’s life. Once the victim completes the intended action, the attacker can steal the credentials of a targeted legitimate user and enter a network undetected. These kinds of attacks often appear to be from someone within a victim’s organization.
Vishing
Vishing uses the phone to steal personal confidential information from victims. Like phishing and smishing, vishing relies on convincing a victim to respond to a caller who then pretends to be calling from the government (commonly the CRA), police or bank.
Quishing
Quishing, also known as QR code phishing, involves tricking someone into scanning a QR code, visiting a fraudulent website and giving up their credentials or other sensitive information.
Encryption
Encryption is the process of converting or scrambling data and information into an unreadable, encoded version that can only be read with authorized access. 
BitLocker
BitLocker is an encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect drive content and data from any offline attack.
Spoofing
Spoofing is when hackers pretend to be someone to win a person’s trust in order to gain access to their systems, steal sensitive data or money, or spread malware. It usually involves an element of social engineering, where scammers manipulate their victims by playing on human vulnerabilities such as fear, greed, or lack of technical knowledge.
Ransomware
A form of malware that locks the user out of their files or their device, then demands a payment to restore access. Ransomware attackers target businesses, organizations, and individuals.
Cybersquatting
A tactic used by hackers to lure victims to websites that appear to belong to popular brands or services, like Netflix. Cybercriminals register domain names that appear to be related to existing domains or brands, with the intent of profiting from user mistakes.
Pig Butchering
Pig butchering scammers make contact and develop long-term communication with victims through various social media sites or dating applications. After winning the victims’ trust, they convince the victims to invest in fraudulent cryptocurrency platforms. These platforms are fake and controlled by hackers, often showing huge gains to spur additional investment.
DCU 
The Microsoft Digital Crimes Unit is a Microsoft-sponsored team of legal and security experts who use the latest and most effective tools and technologies to stop or interfere with cyber threats.
Payment Disruption
In an effort to combat the cost of cybercrime, the DCU is developing a comprehensive “disruption” strategy with public and private stakeholders, like banks, payment processing providers, crypto exchanges and law enforcement, to stop the money flow from victims to cybercriminals.
Multifactor Authentication (MFA) Fatigue
Attackers generate multiple requests for MFA to the victim’s device, hoping that the victim will accept the request either inadvertently or as a result of fatigue. This attack can be prevented by using modern authenticator apps, such as Microsoft Authenticator, combined with features such as number matching and additional context.
WAF 
A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others.
As the cyber threat landscape evolves, so do the terms defining the threats and the tools we use to defend ourselves and our businesses. If you missed part 1 of this blog series, you can find it here. Stay tuned for more cybersecurity glossary posts in the future!
