Jargon buster
There are lots of weird and wonderful cyber terms that you might have heard. If you’re not sure what they mean, here’s a guide.
-
The process of confirming you are who you say you are by asking for something only you would know or have. Memorable words and biometric checks are common examples.
-
A botnet (which comes from ‘robot network’) is a collection of computers that a criminal, known as a bot herder, has under their control. Computers join botnets without the owner even knowing – normally after being infected with a virus through things like phishing emails.
-
Where an attacker submits many passwords or passphrases by trial and error, with the hope of eventually guessing correctly.
-
A way of storing files, systems and other digital resources on a remote computer (server) that’s owned and managed by someone else.
-
Virtual money that’s used to buy and sell things online and has no physical presence. Examples include Bitcoin and Ethereum. Ransomware usually demands payment in cryptocurrency.
-
The method of scrambling data into unreadable formats. It’s used for keeping data private, to check it’s been transmitted correctly, and to verify identity.
-
A vast area of the internet that can only be accessed with specific software, configurations, or authorisation.
-
Any process or event that results in data being corrupted, deleted, or made unreadable.
-
A deliberate theft of data.
-
A security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by someone without authorisation.
-
Attacks launched using botnets to disable and disrupt services.
-
Also spelled ‘doxxing’, this is the act of publicly revealing previously private personal information about an individual or organisation, usually done on the internet where anyone can see it.
-
Where data is converted into an unreadable format that can only be recovered with a secret digital key. It's a type of cryptography and uses some complex maths to make sure it's impossible to crack.
-
An external security measure that uses software to filter and monitor all malicious activities and stop them from accessing a network.
-
A process websites use to store passwords securely. When you create a password, the website stores an encrypted version called a ‘hash’. Even if a criminal steals the hash, it’s almost impossible for them to get your password from it.
-
The company that provides your internet services, such as Virgin Media, Sky, BT or TalkTalk.
-
A unique number that identifies your computer. When you connect to the internet and look at a web page, the computer that hosts the web pages sends the data to your IP address. IP means ‘internet protocol’.
-
Short for ‘malicious software’, this is usually installed on your device when you click on links in phishing emails or smishing texts, when you visit unsecure or fake websites, or when an attacker remotely targets your IP address. That software can cause all sorts of problems, from harvesting your data and password details without you knowing, to sending hundreds of spam emails from your email account, to infecting your whole machine and destroying everything on it. A good firewall and antivirus software protect against malware.
-
A set of changes to a computer program or its supporting data, designed to update, fix, or improve it. This includes fixing security vulnerabilities.
-
Where criminals try to get you to click on a link in an email as a way of getting you to disclose personal or sensitive information. These emails often look like they come from genuine companies, and can be hard to spot. Never click on links in emails unless you know they’re from a trusted source. Even then, it’s better to type the web address into your browser manually, as the links in the email will often redirect you to a different website made to look genuine.
-
When you use encrypted messaging, you have a private key and a public key. People use your public key to encrypt messages they send to you, and you use your private key to decrypt them.
-
Malware that freezes your access, or blocks you from doing certain things on your device until you’ve paid the attacker a ‘fine’, usually demanded in cryptocurrency. Some ransomware comes in the form of phishing emails, claiming to have certain private information about you on video that the criminal threatens to send to all your contacts if you don’t pay up. Always fully delete these emails and never click any links.
-
Malware designed to spy on you either through your webcam or by recording everything you do on your device.
-
Like phishing, but with text messages.
-
An encrypted connection over the internet from a device to a network. It makes sure data is safely transmitted and prevents unauthorised people from seeing it. Because you’re accessing the internet through someone else’s server, which could be located anywhere in the world, it also means your physical location can’t be traced using your IP address.
-
Like phishing, but done by phone. You may get a phone call from someone claiming to be from your bank, or telling you there’s something wrong with your computer. Never give any personal details or passwords to anyone who calls you – it’s always best to hang up and call the company on a number you know is right.
-
Faults within software or programs that criminals can exploit. Manufacturers usually fix the vulnerability by releasing patches as part of the software update.
-
A vulnerability that hasn’t been identified or isn’t known to the manufacturer. These weaknesses are exploited by criminals until they get fixed.