Online security glossary resource


Antivirus software tries to find and neutralise any viruses or malicious software (malware) that may be on computers or smartphones. Example products include Kaspersky, McAfee, and AVG


A botnet is a collection of (often thousands of) computers that a criminal has under their control. They’re often used to send out spam emails, to attack websites as part of a DDoS attack, or sometimes (with it’s combined computing power) to crack passwords. Computers join botnets without the owner even knowing, normally after being infected with a virus such as through a phishing email

Brute Force

Brute force is the process of trying every possible password combination until the correct one is found, from “a” all the way up to “zzzzzzzzzzzz” (and beyond!).

Denial of Service attack (“DoS” or “DDoS”)

A Denial of Service attack (“DoS” for short) is when an attacker bombards a website with so much traffic that it buckles under the strain & stops working. These attacks are often carried out by multiple computers as part of a botnet, leading to the term Distributed Denial of Service attack (or “DDoS”). Criminals will often use these attacks as part of a blackmail campaign to extort money from companies who rely on their website being up and running, or to mask other hacking activity at the same time. A DDoS attack, despite what is often reported in the media, is not a form of hacking since it doesn’t involve breaking into websites; it simply involves overwhelming them with too much traffic.


Encryption is the process of converting a piece of data into an unreadable format that can only be recovered with knowledge of a secret key. It’s a form of cryptography and uses some complex mathematics to ensure it’s unbreakable. Encryption is used in many parts of our daily lives, from making sure that our online banking can’t be intercepted through to protecting conversations over email or Skype. Common encryption algorithms include RSA and AES.


A firewall is a piece of software (or within large organisations, a physical device itself) that can analyse the internet traffic flowing into and out of your computer to try to detect (and stop!) anything that’s unauthorised.


You might see HTTPS appearing in the address of a website that is encrypting your data as you send it (the “s” in https stands for “Secure”). If you’re logging into a website or sending any sensitive data, such as credit card information, you should always check first that the site uses https (and not just http without the s).


A Keylogger is an (often malicous) program that silently records all the keys you type on your keyboard, including any passwords you might type. Keyloggers can exist either as a form of malware, or (for more sophisticated and targetted attacks) as a physical device that’s plugged into your keyboard


Malware is an all-encompassing name for different types of malicious software. There’s many different forms of malware, all with differing purposes and methods of spreading. They include viruses, worms, ransomware, rootkits, keyloggers, spyware, adware, and trojans, amongst others. Despite it’s name, antivirus software will catch all types of malware – not just viruses.


Phishing is a form of social engineering that tries to fool users into entering their login details into a spoofed website (such as one that imitates their bank), or that spread viruses through infected attachments. These attacks normally arrive by email but can also come via text message or phone call.


Ransomware is a particularly vicious form of malware that has become more popular in recent years. When activated on your computer it makes all files unreadable until a ransom fee is paid (and even then sometimes the files are destroyed for good).

Social Engineering

Social Engineering is essentially a fancy name for conning or fooling someone. These type of attacks include phishing emails, attackers blagging their way into company offices to steal documents, as well as fraudsters on the phone


Spear phishing are highly targetted phishing attacks. Whilst most phishing emails are sent to hundreds of thousands of people at a time, spear phishing emails are highly personalised by the criminals who have spent time researching their victim. These type of attacks are often sent to directors of companies to fool them into paying a fake invoice, or crafted to make it look as if the attachment is expected so that the user will open it.


Spyware (short for spy software) is a form of malware that spies on a computer user without them knowing, such as recording their passwords, credit card details, or the websites visited. Despite it’s name, anti-virus software will catch all types of malware including spyware – not just viruses.


A trojan is a type of malicious software that pretends to be a legitimate piece of software. Examples include fake antivirus programs or malicious games. Trojans can do all sorts of damage, from encrypting all your data and only releasing it for a ransom fee, to stealing data such as passwords, or perhaps being used to send spam emails from your computer. Despite it’s name, anti-virus software will catch all types of malware including trojans – not just viruses.


A worm is a type of malicious software (“malware”) that can automatically spread from computer to computer, dropping off viruses and trojans as it goes. Worms can spread incredibly quickly – in 2003 the SQLSlammer worm infected 75,000 computers in just 10 minutes! Despite it’s name, anti-virus software will catch all types of malware including worms – not just viruses.