Morgan Stanley
  • Wealth Management
  • Apr 13, 2022

The Top Cybersecurity Terms You Need to Know

Knowledge is your first line of defense.

Alarming reports of cyberattacks against large corporations, small businesses and individuals regularly appear in our daily news cycle. 

Having a basic understanding of cyber terminology and jargon—and staying up to date about new schemes—can go a long way towards keeping your money, identity and family safe. 

We’ve compiled a list of common terms to make it easier for you to comprehend the reports or articles you come across and give you the opportunity to react quickly to threats.

Top Terms: Cyber Threats and Attacks

Malware: A broad term referring to malicious software that, once installed on your device, could enable hackers to gain access to it. Once that happens, cybercriminals may be able to control your device, steal your identity and commit fraud.

  • Ransomware prevents you from accessing devices, computer networks, systems or files—essentially holding them hostage. To regain control, cyberthieves will demand payment from you, usually in the form of cryptocurrency.
  • Spyware allows cybercriminals to track and record all your online activities, as well as capture sensitive information, such as passwords. Hackers can sell your tracking information to third parties interested in learning more about your online activities or interests.
  • Keylogger is spyware that quietly records all of your strokes on a computer or mobile keyboard. While keyloggers can be used for legitimate reasons, cybercriminals can use this technology to steal your login credentials and other sensitive information.
  • A Trojan (like the Trojan Horse for which it is named) is a sneaky form of malware that appears to be a legitimate application or file (like a game, antivirus software or banking app). But, after you install it on your device, it can seize control, stealing your data, disrupting your network and taking other harmful actions.

Social Engineering: This is a deceptive tactic that uses social interactions—and often psychological manipulation—to obtain your personal information or gain access to your accounts. The fraudster behind a social engineering scam may pretend to be a representative of a legitimate organization.

  • Phishing is a social engineering scheme that typically relies on emails (but can also occur via phone or text). The goals is to trick you into providing sensitive information or downloading malware onto your device (through clicking on a link or downloading an attachment). Spear phishing is a type of phishing that involves prior research and targets a specific individual or organization. Spear phishing messages are carefully crafted to appear authentic, which makes them difficult to detect.
  • Spoofing and phishing often go hand in hand. With a spoofed phone call, the incoming number on your caller ID may falsely display the number of a well-known company or government agency.  A spoofed email will forge the sender address or email header of a reputable entity to fool victims.

Clickjacking: With this attack, a cybercriminal creates an invisible interface layer that’s placed over a legitimate site. If you click on a link on the site and enter your personal information, your data is secretly hijacked by the hacker and the authentic site never receives your information.

Zero-day: Refers to recently discovered vulnerabilities in security networks that hackers can exploit to attack systems. A “zero-day attack” occurs when bad actors have already taken advantage of the security weakness before it can be fixed.

Bot: A software program that automatically performs simple, repetitive tasks that usually imitate human user behavior. While many bots are harmless, some are programmed to carry out malicious activities, such as hacking your accounts or sending spam.

Top Terms: Data and Device Protection

Encryption:  The process of taking unprotected data and converting it into a scrambled code. Only authorized entities with a decryption code will be able transform the data back to its original, readable condition. Data can be encrypted using several formats.

Multi-factor authentication (MFA): Also known as two-factor authentication, MFA requires you to provide at least two credentials when accessing your account—making it more difficult for hackers to gain access. In addition to your username and password, MFA requires another factor to verify your identity, such as a one-time security code or a fingerprint or facial recognition scan.

Firewall: Software or hardware that places a virtual “wall” between your network and the outside world that limits internet traffic into and out of your network. It’s designed to block malicious software and attackers from entering your network’s IP addresses, and prevent direct, unauthorized connections from outside your network.

Backups: Backups safely store a copy of your data offline, usually using an external hard drive, USB device or the cloud. If your device is lost, stolen, broken or compromised by a virus, you can recover your data by using your backup.

Patches:  Periodic security updates released by developers to “patch” software vulnerabilities or fix bugs within a program or product.

Virtual private network (VPN): Allows you to create a secure, private network connection (or a “virtual tunnel”) through a public internet connection by masking your IP addresses and locations. Using a VPN sharply reduces the risk of having your private data and online activities visible to third parties.

Learn More

Again, knowledge plays an important role in the ongoing battle against cyberthreats.  We encourage you to take advantage of the educational resources available through our Security Center for more insights about cyber schemes, emerging threats and preventative measures.