The Top Cybersecurity Terms You Need to Know

Sep 15, 2023

When it comes to cybersecurity, knowledge is your first line of defense.

Key Takeaways

  • Alarming reports of cyberattacks against large corporations, small businesses and individuals regularly appear in our daily news cycle.
  • Having a basic understanding of cyber terminology—and staying up to date about new schemes—can go a long way towards keeping your money, identity and family safe. 
  • Understanding terms like malware, social engineering and related scams can help you identify common cyberthreats and attacks more easily. 

Here’s a list of common terms to make it easier for you to comprehend the reports or articles you come across and give you the opportunity to react quickly to threats.

Cyber Threats and Attacks

Malware is a broad term referring to malicious software that, once installed on your device, could enable hackers to gain access to it. Once that happens, cybercriminals may be able to control your device, steal your identity and commit fraud. Here are several examples of malware:


  • Ransomware prevents you from accessing devices, computer networks, systems or files—essentially holding them hostage. To regain control, cyberthieves will demand payment from you, usually in the form of cryptocurrency.

  • Spyware allows cybercriminals to track and record all your online activities, as well as capture sensitive information, such as passwords. Hackers can sell your tracking information to third parties interested in learning more about your online activities or interests.

  • Keylogger is spyware that quietly records all of your strokes on a computer or mobile keyboard. While keyloggers can be used for legitimate reasons, cybercriminals can use this technology to steal your login credentials and other sensitive information.

  • A Trojan (like the Trojan Horse for which it is named) is a sneaky form of malware that appears to be a legitimate application or file (like a game, antivirus software or banking app). But, after you install it on your device, it can seize control, stealing your data, disrupting your network and taking other harmful actions.


Social Engineering is a deceptive tactic that uses social interactions—and often psychological manipulation—to obtain your personal information or gain access to your accounts. The fraudster behind a social engineering scam may pretend to be a representative of a legitimate organization. Two common examples, include:


  • Phishing is a scheme that typically relies on emails (but can also occur via phone or text) to trick you into providing sensitive information or downloading malware onto your device through clicking on a link or downloading an attachment. Spear phishing is a type of phishing that involves prior research and targets a specific individual or organization with messages that are carefully crafted to appear authentic, making them difficult to detect.

  • Spoofing and phishing often go hand in hand. With a spoofed phone call, the incoming number on your caller ID may falsely display the number of a well-known company or government agency.  A spoofed email will forge the sender address or email header of a reputable entity to fool victims.


Clickjacking: With this attack, a cybercriminal creates an invisible interface layer that’s placed over a legitimate site. If you click on a link on the site and enter your personal information, your data is secretly hijacked by the hacker and the authentic site never receives your information.


Zero-day refers to vulnerabilities in security networks that hackers have discovered and can exploit to attack systems. A “zero-day attack” occurs when bad actors have already taken advantage of the security weakness before it can be fixed.


Bot: A software program that automatically performs simple, repetitive tasks that usually imitate human user behavior. While many bots are harmless, some are programmed to carry out malicious activities, such as hacking your accounts or sending spam.

Data and Device Protection

  1. 1

    Is the process of taking unprotected data and converting it into a scrambled code. Only authorized entities with a decryption code will be able transform the data back to its original, readable condition. Data can be encrypted using several formats.

  2. 2
    Multi-factor authentication (MFA)

    Also known as two-factor authentication, requires you to provide at least two credentials when accessing your account—making it more difficult for hackers to gain access. In addition to your username and password, MFA requires another factor to verify your identity, such as a one-time security code or a fingerprint or facial recognition scan.

  3. 3

    Software or hardware that places a virtual “wall” between your network and the outside world that limits internet traffic into and out of your network. It’s designed to block malicious software and attackers from entering your network’s internet protocol (IP) addresses and prevent direct, unauthorized connections from outside your network.

  4. 4

    Safely store a copy of your data offline, usually using an external hard drive, USB device or the cloud. If your primary device is lost, stolen, broken or compromised by a virus, you can recover your data by using your backup. 

  5. 5

    Are periodic security updates released by developers to “patch” software vulnerabilities or fix bugs within a program or product.

  6. 6
    Virtual private network (VPN)

    Creates a secure, private network connection (or a “virtual tunnel”) between your device and a remote server owned by a VPN provider, which encrypts your data and masks your IP address. Using a VPN sharply reduces the risk of having your private data and online activities visible to third parties. 

Learn More

Again, knowledge plays an important role in the ongoing battle against cyberthreats.  We encourage you to take advantage of the educational resources available through our Security Center for more insights about cyber schemes, emerging threats and preventative measures. 

Security Center

Learn how to protect yourself

Find a Financial Advisor, Branch and Private Wealth Advisor near you. 

Check the background of Our Firm and Investment Professionals on FINRA's Broker/Check.

Report an Online Security Concern

If you suspect you may be the victim of fraud or identity theft, or if you notice suspicious account activity or receive a questionable email or text that appears to be from Morgan Stanley, please contact us immediately at
(24 hours a day, 7 days a week)
For international clients, please contact your Morgan Stanley Client Representative immediately to report any online fraud or security concerns.