Account harvesting

The illegal practice of collecting email accounts from information in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting may be used for spamming.

Source : Glossary |

Active defence

The principle of proactively implementing a spectrum of security measures to strengthen a network or system to make it more robust against attack. Active defence is separate from offensive cyber operations, as well as passive defence or network hardening.

Note that some references to active defence focus on the employment of limited offensive action and counterattacks – commonly referred to as ‘hacking back’. The term active defence is not synonymous with ‘hacking back’, so these terms should not be used interchangeably.

Source: Glossary |

Advanced Persistent Threat (APT)

A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. Typically conducted by an adversary with sophisticated levels of expertise and significant resources – frequently associated with nation-state players.

These attacks tend to come from multiple entry points and may use several attack vectors (e.g. cyber, physical, deception). Once a system has been breached, it can be very difficult to end the attack.

Source: Cyber security glossary of terms – the ultimate list | CyberOne

Adversarial attack

They include different methods to alterate the input data to a machine learning algorithm so the system outputs incorrect decisions or results. The perturbations are added as they exploit particular vulnerabilities of the target attacked system. In the case of speeck tasks, they can be used, for example, to generate incorrect transcriptions from an automatic speech recognition system, incorrectly identify/verify a person when using voice biometrics, or fool an audio deepfake detection system.

Source : Vicomtech

Artificial Intelligence (AI): Artificial Intelligence refers to techniques enabling computers to mimic human intelligence, carrying out specific human tasks by making autonomous decisions. The AI includes Machine Learning (ML) as a subfield.

Source: Herta

Attack signature

A characteristic or distinctive pattern that can help link one attack to another, identifying possible actors and solutions.

Source : Cyber security glossary of terms – the ultimate list | CyberOne

Authority Fraud: The perpetrator contacts an individual, organization, or company and pretends to have authority—for instance, posing as the financial manager of a targeted company or a bank representative at the victim’s bank. Through this deception, the perpetrator induces the contacted party to take actions that result in financial gain for the perpetrator. Examples include CEO fraud and vishing scams.

Source: The Swedish National Council for Crime Prevention

Automatic Speaker Verification

Verification system that uses the voice from a person as the biometric factor to identify him/her. It commonly operates by generating a biometric fingerprint as a mathematical vector from a speech sample from the person. This fingerprint embeds the particular patterns from the person’s voice. Thus, this pattern is compared with the one generated by the user during enrollment, giving a score, the higher the most probable it is the person. It has generally two modes of operation: identification (select the most probable user against N enrolled persons) and verification (directly check if an user is a target person).

Source: Vicomtech


Back door

A feature or defect of a computer system that allows access to data by bypassing normal security measures.

Source: Glossary |

Black hat

A person that hacks for personal gain and/or who engages in illicit and unsanctioned hacking activities. See also ‘grey hat’ and ‘white hat’.

Source: Glossary |


An act of coercion using the threat of revealing or publicising either substantially true or false information about a person or group unless certain demands are met. It is often damaging information and may be revealed to family members or associates rather than to the general public.

 Source: Glossary |


A type of vulnerability by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, smart devices and wearable gadgets.

Source: Glossary |


A vulnerability in the Remote Desktop Protocol (RDP) that can affect the Windows 7, Windows Vista, Windows XP, Server 2003 and Server 2008 operating systems

Source: Glossary |

Blue team

According to the SANS Institute glossary, a blue team is the people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate, and a long list of similar undertakings. In simpler terms, they are the first line of defense, working to protect the organization’s assets, data, and systems from unauthorized access or damage.

Source: Glossary of Security Terms | SANS Institute & Blue Team vs. Red Team in Cybersecurity: Roles & Skills (

Bogus request

A fake request

Source: Glossary |


A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device’s legitimate user.

Source: Glossary |


A collection of computers infected by bots and remotely controlled by an actor to conduct malicious activities without the user’s knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.

Source: Glossary |

Breach (security)

A cyber security incident that results in unauthorised access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

Source: Glossary |

Browser hijacking

Occurs when browser settings are changed without the user’s knowledge or consent. The browser may persistently redirect to malicious or other unwanted websites.

Source: Glossary |

Brute force

An unsophisticated and exhaustive process to try and determine a cryptographic key or password without the user’s knowledge by systematically trying all alternatives or combinations until the correct one is discovered.

Source: Glossary |

Business continuity

A loosely-defined set of planning, preparatory and related activities which are intended to ensure that an organisation’s critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.

Source: Glossary |

Business scams

A dishonest scheme that aims to get money or something else of value from businesses.

Source: Glossary |


Card Fraud (Bank, Debit, and Credit Cards)

The perpetrator uses someone else’s physical bank card, debit card, or credit card to unlawfully make purchases or withdrawals.

Source: The Swedish National Council for Crime Prevention.

Cascaded connections

Cascaded connections occur when one network is connected to another, which is then connected to another, and so on.

Source: Glossary |


Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

Source: Glossary |


A multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

Source: Glossary |


A form of false advertisement which uses links that are designed to attract attention and entice users to follow that link and read, view or listen to the linked content, with a defining characteristic of being deceptive, typically sensationalised or misleading.

Source: Glossary |

Click farm

Groups of low-paid workers whose job is to click on links, surf around targeted websites, perhaps sign up for newsletters in order to exaggerate the popularity of the website. It is very hard for an automated filter to analyse this simulated traffic and detect that is it invalid as it has exactly the same profile as a legitimate visitor.

Source: Glossary |

Connection forwarding

The use of network address translation to allow a port on a node inside a network to be accessed from outside the network. Alternatively, using a Secure Shell server to forward a Transmission Control Protocol connection to an arbitrary port on the local host.

Source: Glossary |

Content filter

A filter that examines content to assess conformance against a security policy.

Source: Glossary |


A small text file that is transmitted by a website and stored in a user’s web browser that is then used to identify the user and prepare customised web pages. A cookie can also be used to track a user’s activity while browsing the internet.

Source: Glossary |

Coping strategies 

Set of practices and behaviors found in three dimensions (economic, social and cultural) implemented by individuals to try to control, cope with and/or minimize negative, conflictual or stressful situations.

Source: Bærenholdt, J. O., & Aarsæther, N. (2002). Coping strategies, social capital and space. European Urban and Regional Studies, 9(2), 151-165.

Corporate espionage

The improper or unlawful theft of trade secrets or other knowledge proprietary to a competitor for the purpose of achieving a competitive advantage in the marketplace.

Source: Glossary |


A type of digital currency which uses encryption techniques to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. The cryptography is designed for security and anti-counterfeiting measures.

Source: Glossary |


To understand what cryptojacking is, you need to know what cryptocoins, or cryptocurrency, are and how you can make money from them.  Cryptocoins are virtual coins. There are hundreds of cryptocoins out there, but the best known one is the Bitcoin.

To get a Bitcoin or another cryptocoin and therefore make money, a computer needs to carry out many calculations that require a large amount of energy (CPU). For these calculations a computer or smartphone is rewarded with Bitcoins. This process is called cryptomining.

As the number of calculations needed to make money is huge, more and more devices are needed to perform these calculations. This is why miners try to access your device in order to use it without your knowledge to collect cryptocoins. This is referred to as cryptojacking.

Source: My device is being used for cryptojacking | Safeonweb


A process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger.

Source: Glossary |


The use of the internet or other electronic means to stalk or harass an individual, group or organization.

Source: Glossary |

Cyber supply chain

The design, manufacture, delivery, deployment, support and decommissioning of applications, equipment and services that are utilised within an organisation’s ICT environment.

Source: Glossary |


Dark Web

 It is the part of de Deep Web (non-indexed content from the World Wide Web) where users can keep their anonimity, and users need to use anonymizing web browsers and virtual private networks to access it. Despite the name, it does not explicitly means they are only used for crimminal activities, although it is the common place where illegal contentcan be found in the Internet.

Source : Vicomtech

Data Breaches

Data breaches involve hackers gaining unauthorized access to databases containing personal information, which they can exploit for identity theft purposes.

Source: Kemea

Data spill

The accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to people without a need to know that information.

Source: Glossary |

DDoS attack

A DDoS or Distributed Denial-of-Service attack attempts to bring down a server by overloading it with a very large number of page requests. The server is unable to handle this large demand, making website or email traffic unavailable for a time, until the attack stops or is stopped.

Compare it to a traffic jam: you want to drive to Brussels, for example, but there is a traffic jam and you cannot get to your destination. Only when the road is clear again can you continue driving and reach your destination. In a DDoS attack, the congestion on the internet is caused deliberately.

Source: The website I want to visit is not available | Safeonweb


Generally refers to videos/images in which the face and/or voice of a person, usually a public figure, has been manipulated using artificial intelligence software in a way that makes the altered video look authentic.

Deep Learning (DL)

Subset of Machine Learning (ML) that trains with multiple layers of neural networks by exposing them to vast amounts of data, extracting progressively higher-level features from data. DL carries out a global, end-to-end optimization from input to output, learning the best data representations in the process, as a black box, hence yielding much more optimal results with much less human intervention. 

Source: Herta

Dictionary attack

Where attackers use ‘password dictionaries’ or long lists of the most commonly-used passwords and character combinations against a password in order to guess it and break into a system.

Source: Glossary |


Obtaining and publishing private or personally identifiable information about an individual over the internet. Information can be obtained through a range of methods including network compromise, social engineering, data breaches, or research.

Souce: Glossary |

Drive-by download attacks

The unintentional download of malicious code to a computer or mobile device that leaves the user open to an attack. The user does not have to click on anything, download or open a malicious email attachment to have their computer or device infected.

Source: Glossary |


A type of Trojan that installs other malware files onto a computer or device. The other malware is included within the Trojan file, and does not require connection to the internet.

Source: Glossary |


Electronic warfare (EW)

The use of energy, such as radio waves or lasers, to disrupt or disable the enemy’s electronics. An example would be frequency jamming to disable communication equipment.

Source: Cyber security glossary of terms – the ultimate list | CyberOne

Endpoint security

A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

Source: Glossary |


Fake news: Fake news is information that is clearly and demonstrably fabricated, and therefore it is false, and that has been packaged and distributed to appear as legitimate news.

A virtual boundary surrounding a network or device that is used to protect it from unwanted access. Can be hardware or software.

Source: Cyber security glossary of terms – the ultimate list | CyberOne


An Anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America.

Source: Glossary |


An offender deceiving someone into transferring something of value to the offender.

Source: Swedish Police Authority



Practice in which an adult impersonates a minor on the Internet or attempts to establish contact with children and adolescents to have a relationship of trust, moving on to emotional control and finally to scam for sexual purposes.

Source: INCIBE (Spanish National Cybersecurity Institute)


Impersonation attack

Emails that attempt to impersonate a trusted individual or company in an attempt to gain access to corporate finances or data.

Source: Glossary |

Impersonation scam

A scam where a dishonest individual will try to convince you to make a payment or give personal or financial details by claiming to be from a trusted organisation.

Source: Glossary |


Infostealing malware can now be found impersonating generative AI tools, and new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions.


In the wild

Malware operating on the internet that infects and affects users’ computers. This is opposed to malware seen only in internal test environments or malware collections.

Source: Glossary |

IoT Attacks

Attacks that take adantage of vulnerabilities in Internet of Things (IoT) devices (such as a smartfridge, a smartlock or a smartwatch) to gain access to personal information (names, emails, passwords).
Source: European union agency for cybersecurity / Cyber threats



Also known as keystroke logging, is a method used by cybercriminals to capture keystrokes typed on a keyboard. This technique can capture sensitive information such as usernames, passwords, and credit card numbers entered by users.

Source: Kemea


Machine Learning (ML)

A subset of Artificial Intelligence (AI) and refers to algorithms that learn from observed data, so they can predict over new, unseen data. The ML includes Deep Learning (DL) as a subfield.

Source: Herta

Malicious email

An email which has been deliberately crafted to cause problems on the server or on the client. This could be by making the message contain a virus, or crafting the message in such a way as to take advantage of a weakness in the receiving mail client.

Source: Glossary |


The use of online advertising to deliver malware.

Source: Cyber security glossary of terms – the ultimate list | CyberOne


Online Identity Theft (OIDT)

Illicit use of a victim’s personal identifiable information (PII) by an impostor to impersonate that person and gain a financial advantage and other benefits.

Source: European union agency for cybersecurity / Cyber threats



Attacks that attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website.

Source: European union agency for cybersecurity / Cyber threats

Pig Butchering

The pig butchering scam, also known as a romance scam, is a long-term fraud that combines investment schemes, romance scams and cryptocurrency fraud. This scam originated in Southeast Asia, and the name originates from the Chinese phrase “Shāz Hū Pán,” meaning pig butchering.  



Malware that can change parts of its code in order to avoid detection by security software.

Source: Glossary |



Type of malware that encrypts a victim’s files and demands a ransom be paid to decrypt them.

Source: European union agency for cybersecurity / Cyber threats

Romance Fraud

The perpetrator initiates a romantic or similar relationship with a person, either through physical contact or online, with the intention of misleading them into actions that result in financial gain for the perpetrator. For example, convincing the person to lend money or make donations.

Source: The Swedish National Council for Crime Prevention


Sentimental fraud

Also known as “romance scams” or “romantic fraud,” typically begins on dating sites or social media platforms, where a person approaches the victim and, over the course of their interactions, expresses strong romantic or friendly feelings toward them. After gaining the victim’s trust and emotionally manipulating them, the scammer asks for money under various urgent pretenses (administrative, medical, financial, etc.). Sometimes, the scammer encourages the victim to invest in fraudulent financial schemes. The amounts requested usually become increasingly large until the victim is no longer able to pay.

If the victim refuses, the scammer may attempt to blackmail them, for example, by threatening to release intimate photos or videos that the victim has shared. A characteristic of this type of financial scam is that it occurs solely online (via messaging, phone, etc.), and the victim never meets the scammer in person, as the scammer will always find an excuse to avoid it.

Source: Comment réagir en cas d’escroquerie sentimentale ? – Assistance aux victimes de cybermalveillance


Form of scam in which the attacker threatens the victim to perform some specific action in order not to make public images or videos with sexual connotations, which he/she has previously sent to the cybercriminal.

Source: INCIBE (Spanish National Cybersecurity Institute)

Sextortion Scam

As part of the sextortion scam, you will get an e-mail where extortionists claim to have hacked into your computer and taken intimate footage of you when you were watching porn. The extortionists threaten to put the images online unless you pay a fee. They will try to put pressure on you, by asking you to pay quickly. They will often ask for an amount to be transferred in Bitcoins. That is suspicious too. The sextortion scam is a bluff: the extortionists do not have any images of you.

Source: I am being blackmailed: sextortion | Safeonweb


The theft of credit card information using card readers, or skimmers, to record and store victims’ data.

Source: Glossary |


Type of phishing attack that uses social engineering to get personal information about someone using text messaging.

Source: European union agency for cybersecurity / Cyber threats

Social engineering

Technique used by cybercriminals to gain the user’s trust and get them to do something under their manipulation and deception, such as running a malicious programme, providing their private passwords or buying from fraudulent websites.

Source: INCIBE (Spanish National Cybersecurity Institute) 

Spear phishing

A form of phishing that targets a specific person or group.

Source: Glossary |


Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in consequent cyber attacks.

Source:  Cyber security glossary of terms – the ultimate list | CyberOne


Do you feel like you are being eavesdropped on via your mobile phone? That’s possible: there is software that is capable of transmitting your location, eavesdropping on phone calls, tracking your keystrokes, or viewing your data.  This is called stalkerware.

Source: My device is being bugged | Safeonweb

Supply Chain Attacks

A supply chain attack, also known as a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This type of attack can happen in any industry, from the financial sector to utilities and in public and private sectors. The attack surface is the sum of all accessible parts of your system, which grows as the supply chain becomes more complex with more software integrations and third-party services.

Source: What Is a Supply Chain Attack? – CyberDefenders

Synthetic audio (deepfake)

Artificial production of a voice that imitates human speech, but it really comes from an algorithm that generates the audio samples. In recent years the use of generative artificial intelligence algorithms based on deep neural networks have originated the term of audio deepfake. The two main categories are the text-to-speech synthesis and the voice conversion.

Source:  Vicomtech


Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Source : Cyber security glossary of terms – the ultimate list | CyberOne

Typhoid adware

This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.

Source: Cyber security glossary of terms – the ultimate list | CyberOne


Victim recovery

The act of reconstructing oneself through becoming aware of the trauma or negative experience one has undergone by observing and understanding it through the impact it has had not only physically and materially but also psychologically and socially. The recovery of a victim is a non-linear process that tends towards the achievement of a new balance towards oneself, towards others and towards the external environment.

Source: Melgar Alcantud P, Campdepadrós-Cullell R, Fuentes-Pumarola C, Mut-Montalvà E. ‘I think I will need help’: A systematic review of who facilitates the recovery from gender-based violence and how they do so.  Health Expect. 2021; 24: 1–7.


Attacks that are performed over the phone and use psychology or voice techniques to trick victims into handing over sensitive information or performing some action on the attacker’s behalf.
Source: European union agency for cybersecurity / Cyber threats



A wabbit is one of four main classes of malware, among viruses, worms and Trojan horses. It’s a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it’s a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don’t attempt to spread to other computers across networks.

Source: Cyber security glossary of terms – the ultimate list | CyberOne

Web scraping

Technique used to extract different relevant information from web sites through a software program, collect this information and structure it to be used for the final user for analysis and obtaining different information. 

Source: Vicomtech


Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives.

Source: Cyber security glossary of terms – the ultimate list | CyberOne

White hat

An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation’s information systems. See also ‘black hat’ and ‘grey hat’.

Source: Glossary |

Wire fraud

A crime in which a person concocts a scheme to defraud or obtain money based on false representation or promises.

Source: Glossary |


Zero day exploit

An exploitable software vulnerability that hasn’t been disclosed or patched by the software vendor yet.

Source: Glossary |

Subscribe to EITHOS Newseletters

Be updated with our last articles, events and news