- Administrative privileges
The permissions that allow a user to perform certain functions on a system or network, such as installing software and changing configuration settings.
Software that displays advertisements on your computer. Adware becomes a problem if it:
• installs itself on your computer without your consent;
• installs itself in applications other than the one it came with;
• hijacks your web browser in order to display more ads;
• gathers data on your web browsing without your consent and sends it to others;
• is designed to be difficult to uninstall.
Adware can slow down your computer and your Internet connection.
- Anti-virus software
Software that defends against viruses, Trojans, worms and spyware. Anti-virus software uses a scanner to identify programs that are or may be malicious. Scanners can detect known viruses, previously unknown viruses and suspicious files.
A process or measure used to verify a user’s identity.
An online graphic representation of a user (e.g. chat rooms and computer games).
A backdoor in a computer system is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
- Backing up
The procedure for making extra copies of data in case the original is lost or damaged.
A measure of the "speed" of an Internet connection. The rate at which information travels through a network connection, usually measured in bits per second, kilobits (thousand bits) per second, or megabits (million bits) per second.
A process whereby a system (typically a victim) sends a contact message to another system (usually threat actor’s control system). This process is done to notify to a threat actor that a system is active and remains infected.
To stop a computer from reaching something on the internet, or, on social media, to stop a user from contacting you.
A blockchain is a write-only database, dispersed over a network of interconnected computers, that uses cryptography to create a tamperproof public record of transactions. Because blockchain technology is transparent, secure and decentralized, a central actor cannot alter the public record.
An industry standard for short-range wireless connections between devices like mobile phones, headsets, computers and PDAs.
Similar to a real-life bookmark, an internet bookmark acts as a marker for a web page.
A single compromised computer (a robot computer) sometimes called a zombie. A program covertly installed on a user's machine to allow an unauthorized user to remotely control the targeted system through a communication channel. These channels allow the remote attacker to control a large number of compromised computers in a botnet, which can then be used to launch coordinated attacks. Attackers can use bots to perform a variety of tasks, such as setting up denial of service attacks against an organization's website, distributing spam, spyware and adware, phishing attacks, propagating malicious code, and harvesting confidential information.
A collection of software robots, or 'bots', that creates an army of infected computers (known as ‘zombies') that are remotely controlled by the originator. Yours may be one of them and you may not even know it.
A program that allows a user to find, view, hear, and interact with material on the internet, including text, graphics, sound, and video.
- Browser-based exploitation
A misuse of legitimate browser components to execute malicious code. Simply visiting a website with hidden malicious code can result in exploitation.
Browser hijackers change the default home and search pages in your internet browser. Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your "Favourites" folder or, more seriously, can change the page that is first displayed when you open the browser. You may find that you cannot change your browser's start page back to your chosen site.
A unit or measure of digital information, consisting of eight binary digits (bits) processed together; usually enough to store a single letter or digit.
A component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. The term cache often refers to the browser cache, which records the most recently downloaded web pages.
Refers to an individual assuming a false identity online, to pursue emotional/romantic relationships in the virtual world.
An encrypted file containing user or server identification information, which is used to verify identity and to help establish a security-enhanced link. An entity's data rendered unforgeable with the private or secret key of a certification authority.
An online conversation where a person can continually read messages from others and then type and send a message reply.
- Cloud computing
The ability to access all required software, data and resources via a computer network instead of the traditional model where these are stored locally on a user's computer.
- Cloud storage
Saves files, documents and photos to a remote database. A cloud storage service may come standard with the operating system (OS) of your computer or device.
A file placed on your computer by a website to enable the website to remember your details and track your visits.
The discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use. The conversion of the information into this new protected form is referred to as encryption. The conversion of information back to its original form is decryption.
- Cyber attack
The use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device.
- Cyber incident
Any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource.
- Cyber threat
A threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries.
Bullying or harassment that takes place online; includes posting embarrassing pictures or unkind comments on a person's profile or sending them via instant message or email. This often takes the form of threats and intimidation against the victim.
Decoding of a message which has been encrypted (see cryptography).
A setting automatically chosen by a program or computer that remains until the user specifies another setting.
- Denial of Service Attack
Any activity that makes a service unavailable for use by legitimate users, or that delays system operations and functions.
- Distributed Denial of Service Attack
Also known as DDoS. An attack in which multiple compromised systems are used to attack a single target. The flood of incoming messages to the target system forces it to shut down and denies service to legitimate users.
- Domain name
A name owned by a person or organization and consisting of an alphabetical or alphanumeric sequence followed by a suffix indicating the top-level domain: used as an internet address to identify the location of particular web pages (e.g. .gc, .ca).
Transmission of data from a remote computer system onto a local computer system.
Messages sent through an electronic (computer) network to specific groups or individuals.
Converting information from one form to another to hide its content and prevent unauthorized access.
When money or other assets are held by a trusted third party pending completion of a transaction.
- Ethernet technology
The most common technology for connecting computers together in a network.
- Executable file
A file that is in a format the computer can directly execute, as opposed to source files, which are created by and for the user. Executable files are essential to running your computer, but can also do it harm. Spyware programs often include executable files that can operate without your knowledge.
The unauthorized removal of data or files from a system by an intruder.
A defined way to breach the security of an IT system through a vulnerability.
- External hard drives
Devices that can be connected to your computer or device to save a copy of files, documents and photos.
- File sharing
Making files available over the internet or network to other users, typically music or video files.
Software that screens information on the internet, classifies its content, and allows the user to block certain kinds of content.
A security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside.
A term used by social media sites to indicate someone who can view the content posted by your account/profile and, in some cases, the personal information (i.e. phone number, address, etc.) associated with your account/profile.
The act of requesting another person to be your friend (and connecting with you) on a social media.
Geotagging is the process of adding geographic data to various media platforms (e.g. photos, SMS messages, or videos) that can be shared on social media sites. This can include latitude and longitudinal coordinates and location names.
- Global Positioning System
Global Positioning System is a global navigation satellite system used in cars or phones to determine location and provide directions.
- Going viral
Internet content that is rapidly spread through electronic mail and social media sites because most people who get it share it with their friends or social networks.
Hacking is a term used to describe actions taken by someone to gain unauthorized access to a device. The availability of information online on the tools, techniques, and malware makes it easier for even non-technical people to undertake malicious activities.
- Hard disk
A fixed magnetic disk drive used to store data on computers.
The mechanical devices that comprise a computer system, such as the central processing unit, monitor, keyboard, and mouse, as well as other equipment such as printers and speakers.
- Home page
The home page is displayed by default when a visitor visits a website using a web browser.
A protocol for secure communication over a computer network which is widely used on the Internet.
An image or a portion of text that, when clicked, allows electronic connections. These connections access other internet materials such as images, sounds, animations, videos, or other web pages.
- Identity theft
The crime of impersonating someone and using their private information, usually for financial gain.
- Instant messaging
Real‐time electronic communication between people over a network.
- Intellectual property
Legal rights that result from intellectual activity in the industrial, scientific, literary and artistic fields. Examples of types of intellectual property include an author's copyright, trademark, and patents.
- Internet of Things
The Internet of Things (IoT) refers to physical devices (also called “smart” or “connected” devices) that connect to each other via the internet. They collect and exchange information with one another and with us. Smart devices can be remotely controlled and monitored, or work automatically, through a variety of software, cameras and sensors.
- Internet Service Provider
A business that supplies internet connectivity services to individuals, businesses, and other organization.
- IP Address
The IP address uniquely identifies a computer or other hardware device (such as a printer) on the internet.
- Keystroke logger
Software or hardware designed to capture a user's keystrokes on a compromised system. The keystrokes are stored or transmitted so that they may be used to collect valued information.
(Local Area Network)
A network of connected computers that are generally located near each other, such as in an office or company.
- Login credential
A login credential is the information that you use to sign in to an account, such as a username or email address and a password or PIN.
Malicious software ("malware") designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.
• Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information.
• Reformat the hard drive of your computer causing you to lose all your information.
• Alter or delete files.
• Steal sensitive information.
• Send emails on your behalf.
• Take control of your computer and all the software running on it.
A modem is a device that is used to connect a computer to the internet.
- Multi-factor authentication
A tactic that can add an additional layer of security to your devices and account. Multi-factor authentication requires additional verification (like a PIN or fingerprint) to access your devices or accounts. Two-factor authentication is a type of multi-factor authentication.
Information presented in more than one format, such as text, audio, video, graphics, and images.
- Multimedia Messaging Service
See Text messaging.
Several computers that are connected to one another.
- Online profiling
Compiling information about consumers' preferences and interests by tracking their online movements and actions in order to create targeted ads.
- Operating system
The main program that runs on a computer. An operating system ("OS") allows other software to run and prevents unauthorized users from accessing the system. Major operating systems include UNIX, Windows, MacOS, and Linux.
- Parental controls
Tools that allow parents to prevent their children from accessing certain internet content that they might find inappropriate.
Combination of random words you select to secure an account or device.
Combination of letters and numbers you select to secure an account or device.
A small piece of software designed to update or fix problems with a computer program. This includes fixing bugs, reducing vulnerabilities, replacing graphics and improving the usability or performance.
- Peer-to-peer network
Networks that are often used to share content files containing audio and video data. Relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating power in a low number of servers.
Pharming is a common type of online fraud, a means to point you to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. This may allow a threat actor to steal the information users enter.
A person who attempts to trick someone by phishing. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.
An attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain.
Illegal use or duplication of material covered by intellectual property laws, such as copyright.
- Pop-up window
Unsolicited advertising that appears in its own browser window.
- Post, posting
To add a contribution to a forum/chat room/blog/web page/social network profile, which is then accessible to others.
A statement concerning collection, storage, and use of personal information.
Ransomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment for the restriction to be removed. The two most common means of infection appear to be phishing emails that contain malicious attachments and website pop-up advertisements.
A network device that is used to establish and control the flow of data between different networks.
- Screen shot
Used to describe the action of capturing your computer desktop or anything shown on your computer screen to a static image file. Some people also call it a screen grab.
- Search engine
A program that enables users to locate information on the internet. Search engines use keywords entered by users to find websites which contain the information sought.
- Security software
Identifies and protects against threats or vulnerabilities that may compromise your computer or your personal information; includes anti-virus and anti-spyware software and firewalls.
A picture taken by the photographer who is also the subject of the photograph, which can be uploaded to a social media site.
A computer system or program that provides services to other computers.
- Short Message Service
See Text messaging.
- Smart device
Web-enabled smart devices transmit information gathered from their surroundings using embedded sensors, software and processors. Smart devices communicate with one another (machine to machine) or with us through our smartphones. After initial setup, most smart devices work automatically, collecting and sending information.
- Smart phone
A mobile phone that offers advanced capabilities and features like a web connection and a portable media player.
Fraudulent SMS messages designed to induce users to reveal personal or financial information via the mobile phone (see phishing).
- Social engineering
The practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or internet to trick people into revealing sensitive information. For example, phishing is a type of social engineering.
- Social media
Internet-based tools that allow people to listen, interact, engage, and collaborate with each other. Popular social media platforms include Facebook, YouTube, LinkedIn, and Twitter.
A computer program that provides instructions which enable the computer hardware to work. System software, such as Windows, Linux or MacOS, operate the machine itself, and applications software, such as spreadsheet or word processing programs, provide specific functionality.
Any unsolicited commercial electronic message. It is often a source of scams, computer viruses and offensive content that takes up valuable time and increases costs for consumers, business and governments. Canada's anti-spam legislation applies to all commercial electronic messages. A commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.
- Spear phishing
The use of spoof emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and well targeted.
A website or email address that is created to look like it comes from a legitimate source. An email address may even include your own name, or the name of someone you know, making it difficult to discern whether the sender is real.
Software that collects personal information about you without you knowing. They often come in the form of a ‘free' download and are installed automatically with or without your consent. These are difficult to remove and can infect your computer with viruses.
- SSL encryption
A cryptographic protocol that provides security when communicating over the internet.
- System software
See Operating System.
- Text messaging
(SMS and MMS)
The process of sending a written message to someone's mobile device. Short Message Service (SMS) is a way of sending text messages between mobile devices. Multimedia Messaging Service (MMS) is the process for sending images, audio and video between mobile devices.
An add-in for a web browser that adds functionality.
A malicious program that is disguised as or embedded within legitimate software.
- Two-factor authentication
A type of multi-factor authentication used to confirm the identity of a user. Authentication is validated by using a combination of two different factors including: something you know (e.g. a password), something you have (e.g. a physical token), or something you are (a biometric).
- Two-step verification
A process requiring two different authentication methods, which are applied one after the other, to access a specific device or system. Unlike two-factor authentication, two-step verification can be of the same type (e.g. two passwords, two physical keys, or two biometrics). Also known as Two-step authentication.
The act of removing someone from your friends or followers list on a social network site.
To remove an application or file from a computer.
- Unpatched application
A supported application that does not have the latest security updates and/or patches installed.
Updates to software and devices add new features, fix bugs, and often contain new security features to protect against attacks.
An improved or more modern version of hardware or software.
Transmission of data from a local computer system onto a remote computer system.
(Uniform Resource Locator)
Uniform Resource Locator is the technical term for the address (location) of a resource on the internet such as a website or file.
- USB memory stick
A removable solid-state memory device.
- Virtual Private Network
A private communication network usually used within a company, or by several different companies or organisations to communicate over a wider network. VPN communications are typically encrypted or encoded to protect the traffic from other users on the public network carrying the VPN.
A computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user. Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer.
Voice over Internet Protocol (VoIP) is the routing of voice conversations over the internet. This is distinct from a telephone call, which is made from your home or office phone which goes through the Public Switched Telephone Network.
A flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations.
A digital camera that can transmit images over the internet.
Wi-Fi refers to a set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or tablet can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot.
- Wi-Fi eavesdropping
A method used by threat actors to capture personal information by “listening in” on information that's shared over an unsecure (not encrypted) Wi-Fi network.
A malicious program that executes independently and self-replicates, usually through network connections, to cause damage (e.g. deleting files, sending documents via email, or taking up bandwidth).
- WPA2 Handshake Vulnerabilities
The Key reinstallation attack (or Krack) vulnerability allows a malicious actor to read encrypted network traffic on a Wi-Fi Protected Access II (WPA2) router and send traffic back to the network.
A compromised computer. See Bot.