eCrimeBytes Electronic Crimes Glossary

We will be adding to this list every episode, so check back often!

• Automated Clearing House (ACH) – The facility used to transfer funds electronically.
  • https://www.fiscal.treasury.gov/ach/
  • https://en.wikipedia.org/wiki/Automated_clearing_house
• Business Email Compromise (BEC) Scheme – A scheme where criminals compromise the email server of commercial companies in order to fake communications to a targeted victim company which could result in the targeted company paying an account the criminals actually own. For example, Company A may be compromised and the criminals may send an email from Company A to Company B requesting $100,000 for a fictitious invoice. The fake invoice would been to be believable. The email coming from the real Company A’s domain would seem credible. However, the fake invoice would have an account number listed that the criminals owned. When payment was made the criminals gained.
• Child Sexual Abuse Material (CSAM) – Child pornography.
• Credential Stuffing Attack – An attack against a victim website where valid usernames & passwords from other compromised sites are tested against this victim website. Here, the attackers are counting on username and password reuse to gain access to your account on multiple independent websites.
• Cryptocurrency – Virtual currency generally based on mathematical algorithms that can be purchased, sold, and traded for various services and products. More details on cryptocurrency:
  • https://en.wikipedia.org/wiki/Cryptocurrency
  • https://drkeithjones.com/index.php/category/cryptocurrency/
• Doxing – The act of posting someone’s personal information publicly as a form of harassment. More examples of doxing:
  • https://en.wikipedia.org/wiki/Doxing
  • https://drkeithjones.com/index.php/category/doxing/
• Encryption – A method to hide content by translating it into data representation outside parties cannot read. (https://en.wikipedia.org/wiki/Encryption)
  • Symmetric Encryption – All parties decrypting the data will have the same pass phrase.
    • https://en.wikipedia.org/wiki/Symmetric-key_algorithm
  • Asymmetric Encryption – Each party has their own public and private keys to encrypt and decrypt data. This method is a bit more sophisticated than symmetric encryption, typically.
    • https://en.wikipedia.org/wiki/Public-key_cryptography
• IP Address – An identifying set of numbers to locate a computer on the internet. They generally look like: 35.8.52.23. More info about IP addresses:
  • https://en.wikipedia.org/wiki/IP_address
• Personally Identifiable Information (PII) – Put simply: personal information such as date of birth, social security number (SSN), address, etc. More on PII:
  • https://en.wikipedia.org/wiki/Personal_data
• Phishing – When an attacker sends an email that pretends to be from a legitimate service, but actually directs you to a website the attackers own. When you enter your credentials into this fake website (that looks exactly like the legitimate one), you hand over your login credentials (username & password) to the attackers. The attackers can then use these credentials to login as you to the legitimate website. More on phishing:
  • https://en.wikipedia.org/wiki/Phishing
  • https://drkeithjones.com/index.php/category/phishing/
• Protected Health Information – Similar to Personally Identifiable Information, but for health related info.
• SIM Swapping – Either social engineering or bribing phone company employees to switch a victim’s mobile phone number over to a SIM card the attacker controls. Soon after a SIM swap, the victim loses mobile phone access and the attackers quickly target online accounts tied to the victim’s phone number, like email, Instagram, and other high value targets. More info on SIM swapping:
  • https://en.wikipedia.org/wiki/SIM_swap_scam
  • https://drkeithjones.com/index.php/category/sim-swapping/
• Social Engineering – Tricking humans into handing over access to computer systems or accounts. More examples of social engineering:
  • https://en.wikipedia.org/wiki/Social_engineering_(security)
  • https://drkeithjones.com/index.php/category/social-engineering/
• Spoofing – Making communications look like they came from a different source than they actually did. For example, you might spoof an email to make it look like it came from Keith Jones, when you are actually not Keith.
• Stolen Identity Tax Refund Fraud (SIRF) – The process criminals use to monetize stolen identities by filing false tax refund claims in the victims’ names, but instead of the refund going to the victim it goes to the criminal.
• Subscriber Identity Module (SIM) – A small computer chip inserted into a phone to tie the physical phone to a phone number.
  • More pictures of SIMs:
    • https://en.wikipedia.org/wiki/SIM_card
    • 
  • https://drkeithjones.com/index.php/category/sim-swapping/
• Swatting – The act of falsely sending emergency services to a victim address. The term comes from SWAT, tactical police teams that commonly respond to the falsely reported event. Some scenarios reported via a SWAT could be an active shooter, a house fire, a bomb threat, or sometimes combinations of many threats. More on swatting:
  • https://en.wikipedia.org/wiki/Swatting
  • https://drkeithjones.com/index.php/category/swatting/
• Trezor Wallet – A physical hardware device to hold Bitcoin or other cryptocurrency.
  • Pictures and more information on Trezor wallets: https://en.bitcoin.it/wiki/Trezor
• Virtual Private Network (VPN) – Criminals often use VPNs to hide the origin of their traffic. When connected to a VPN your IP address will typically look like it came from that VPN provider instead of your true IP address. Many VPN providers will have servers in multiple countries so that you can make your traffic appear to originate from overseas.
  • https://en.wikipedia.org/wiki/Virtual_private_network
• Vishing – Voice phising. Instead of using email, vishing uses a phone which victims tend to find a little more believable. See phishing, above. More on vishing:
  • https://en.wikipedia.org/wiki/Voice_phishing