Gain a better understanding of how we talk about cybercrime



Account takeover

Unauthorized access to someone else’s account, typically achieved through stolen credentials or exploiting vulnerabilities. Attackers gain control of the account and may misuse it for financial gain or other malicious purposes.

Advance fee fraud

A scam where fraudsters deceive victims into making upfront payments or providing personal information under false pretenses. Also known as Authorized Push Payment (APP) fraud, it often involves convincing stories or promises to trick victims into sending money.


Brand infringement

The unauthorized use of a company’s brand, logo, or intellectual property without permission. This commonly occurs on websites and social media platforms, where fraudsters mimic or impersonate legitimate brands to deceive users.

Brute force attack

A method used by hackers to gain unauthorized access to a system by systematically trying all possible combinations of passwords until the correct one is found. Brute force attacks can target website logins and remote access services, making them potential vectors for ransomware attacks.

Business email compromise

A sophisticated scam where attackers impersonate high-ranking executives or trusted business partners to trick employees into disclosing sensitive information or making fraudulent transactions. Business email compromise can lead to substantial financial losses for organizations.


Code repository sensitive data leak

The exposure of sensitive information, such as source code or credentials, due to insecurely configured or compromised code repositories.

Conversational scams

Threats where criminals engage in interactions with victims, often through SMS or messaging platforms, to deceive them into fraudulent activities such as APP fraud (Authorized Push Payment). Examples include scams involving pig butchery, romance scams, and impersonation schemes.

Credential drop URL

A website or link used by attackers to collect stolen login credentials from phishing attacks or other cyber attacks. These URLs serve as a repository for stolen credentials, which can then be sold or used for further malicious activities.

Cryptocurrency investment scam

Fraudulent schemes that entice individuals to invest in cryptocurrencies with promises of high returns but ultimately result in financial losses. Scammers exploit the popularity and volatility of cryptocurrencies to deceive and defraud investors.


Dark web and dark markets

Hidden parts of the internet that are not indexed by search engines and require special software to access. The dark web is often associated with illegal activities, including the operation of dark markets where illicit goods and services are bought and sold.

Deceptive domain

A domain name registered with the intent to deceive or trick users, typically by closely resembling legitimate websites or popular brands. Deceptive domains are commonly used in phishing attacks and other fraudulent activities.

Defaced website

A website that has been vandalized or altered without authorization, typically by hackers. Defacement can range from minor changes to the entire website being replaced with malicious content or propaganda.

Denial of service attack

An attack that overwhelms a target system or network with a flood of illegitimate requests or traffic, rendering it inaccessible to legitimate users. The goal is to disrupt the availability of the targeted service or website.


Domain-based Message Authentication, Reporting, and Conformance. An email authentication protocol that helps prevent email spoofing and phishing attacks by allowing domain owners to specify how incoming emails should be handled if they fail authentication checks.

Domain monitoring

The practice of actively monitoring domain name registrations and changes to detect potential malicious or unauthorized activities, such as phishing campaigns or brand infringement.

Domain registrar & registry

Entities responsible for managing domain names, including their registration, renewal, and technical administration. Registrars are companies that interact directly with domain owners, while registries manage the overall domain name system, selling domain names through registrars.

Domain slamming

Unethical practices by domain registrars that send misleading or deceptive emails or notices to domain owners, tricking them into transferring their domain registrations to another registrar.

Donation fraud

Scams that exploit people’s goodwill by pretending to collect donations for charitable causes or disaster relief efforts, but the funds never reach the intended recipients.


Evil JavaScript

Malicious JavaScript code embedded within web pages or applications, often used to exploit vulnerabilities, steal information, or perform unauthorized actions on victims’ devices.


Fake bank

Phony websites or applications that mimic legitimate banks to trick users into revealing their banking credentials or financial information. These fake banks are designed to steal sensitive data for fraudulent purposes.

Fake bond comparison site

Websites that claim to offer objective comparisons of different bond investment options but are set up to deceive users and promote fraudulent or non-existent investment opportunities.

Fake mobile app

Malicious or counterfeit mobile applications that mimic legitimate apps to deceive users into installing them. These apps often contain malware or steal sensitive information from the user’s device.

Fake pharmacy

Illegitimate online pharmacies that operate without proper licensing or authorization, selling counterfeit or substandard medications. These fake pharmacies pose serious health risks to unsuspecting buyers.

Fake shop

Bogus online stores that pretend to sell products at attractive prices and send counterfeit goods or none at all. These scams aim to defraud consumers and steal their payment information.


Health product scams

Scams that involve the sale of fraudulent or ineffective health products, treatments, or supplements, exploiting people’s health concerns or offering false promises for financial gain.

Hosting provider

A company or service that provides web servers, infrastructure, and resources to host websites or online services on the internet.



Internet Service Provider. A company that provides internet access and related services to individuals and organizations. ISPs connect users to the internet and offer services such as email, web hosting, and domain registration.


Mail server takedown

The process of disabling or shutting down a mail server that has been used to distribute malicious emails or participate in spam campaigns, thereby mitigating the threat posed by continued use of the mailserver to send malicious content.

Malicious email address

An email address used by attackers to send spam, phishing emails, or malware-infected attachments. These addresses are created with malicious intent and are often disposable or difficult to trace back to the attackers.

Malware takedown

Actions taken to identify, analyze, and remove or neutralize malware threats. This includes not only removing malware download URLs but also dismantling and disrupting the command-and-control infrastructure.

Mule recruitment

The process of recruiting unsuspecting individuals, often through job postings or online advertisements, to act as intermediaries in money laundering schemes. Mules unknowingly help criminals transfer and launder illegally obtained funds.


National CERT

Computer Emergency Response Team. A government-appointed or designated organization responsible for coordinating and responding to cybersecurity incidents within a country. National CERTs provide incident response and support to enhance cybersecurity across various sectors.

Non-Consensual Cryptocurrency Miners (or Cryptojacker)

Malicious programs or scripts that run on victim’s browser without their consent, using their computational resources to mine cryptocurrencies for the benefit of the attacker.


Phishing drop site

A website or server used by attackers to collect stolen information obtained through phishing attacks. These dropsites allow criminals to gather and exploit the stolen data.

Phishing kits

Packages of tools and resources used by cybercriminals to create convincing phishing campaigns. Some kits include hidden credential dropsites, allowing attackers to collect victims’ information.


Techniques that deceive individuals into revealing sensitive information, such as passwords or credit card details, by impersonating trustworthy entities through fraudulent websites, emails, or SMS messages.



Malicious software that encrypts a victim’s files or locks them out of their system, demanding a ransom payment to regain access. Countermeasures against ransomware include proactive security measures, data backups, and incident response plans.



Emails that threaten to expose personal or intimate information about the recipient unless a cryptocurrency payment is made. These scams aim to exploit victims’ fears and coerce them into paying to prevent embarrassment or harm.

Shopping site skimmers

Malicious code injected into legitimate e-commerce websites to steal customers’ payment information during the checkout process. Skimmers capture credit card details and transmit them to attackers.


Phishing attacks carried out through SMS messages, where users are tricked into clicking on malicious links or providing personal information via text messages.

Social media takedown

The process of removing or blocking malicious or harmful content on social media platforms, including scams, misinformation, or accounts involved in fraudulent activities. It can also involve addressing advertising abuses on these platforms.

Survey scam

Fraudulent surveys or questionnaires used to collect personal information from unsuspecting users. These scams often promise rewards or prizes to entice individuals into providing their data.


Technical support scam

Scams where criminals pose as technical support agents, usually through phone calls or pop-up messages, tricking victims into believing their devices are infected or have issues. The scammers aim to gain access to sensitive information or extort money for fake services.


Web-inject malware

Malicious code injected into web pages or web browsers to modify the content users see and potentially steal sensitive information, such as login credentials or financial data.


An individual or team responsible for managing and maintaining a website, including its design, functionality, and content updates.

Web shell

Malicious scripts or programs that attackers implant on compromised web servers to gain remote control and unauthorized access. Web shells provide a persistent backdoor for hackers to execute commands and manipulate the server.

Website takedown

The process of contacting infrastructure providers requesting the removal of malicious or fraudulent websites, rendering it inaccessible to users. Website takedowns help protect users from falling victim to scams or malware.