Glossary of Cybersecurity Threats and Scams for 2025

(October 8, 2024)

This article provides a glossary of noteworthy cyber threats and scams in alphabetical order. Some entries, like phishing and malware, are well-known in the industry, while others, such as pig butchering and quishing, are more recent additions you might not be aware of. Each term includes a brief description of the threat or scam, offering insights into how they operate and the risks they pose. Whether familiar or new, these threats highlight the diverse methods cybercriminals use to target individuals and organizations.

Advanced Persistent Threat
Baiting and Pretexting
Business Email Compromise
Code Injection
Cryptojacking
Dating and Romance Scams
Distributed Denial of Service (DDoS)
Hackers
Hacktivist
Identity Theft
Insider Threat
Investment and Crypto Scams
Malware
Man in the Middle
Nation-state Threats
OS Command Injection
Pharming
Phishing
Pig Butchering
Quishing
Ransomware
SIM Swapping
Smishing
Social Engineering
Spam
Spear Phishing
Spoofing
SQL Injection
Supply Chain Attack
Vishing

 


Advanced Persistent Threat

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network to steal sensitive data over a prolonged period. An APT attack is carefully planned and designed to infiltrate a specific organization, evade existing security measures, and fly under the radar.


Baiting and Pretexting


Pretexting is a social engineering tactic used by attackers to gain access to information, systems, or services by creating deceptive scenarios that increase the success rate of a future social engineering attack.

Social engineering refers to when a hacker impersonates someone the victim knows or trusts—such as a coworker, delivery person, or government organization—to access information or sensitive systems. In many cases, pretexting may involve interacting with people either in person or via a fraudulent email address as they launch the first phase of a future attempt to infiltrate a network or steal data using email.

In a pretexting attack, the attacker convincingly presents a story using legitimate-looking message formats and images (such as government logos), tone, and wording. Note that a pretexting attack can be done online, in person, or over the phone. The goal is to put the attacker in a better position to launch a successful future attack.  


Business Email Compromise

Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam.


Code Injection

Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper input/output data validation.  


Cryptojacking 

Cryptojacking (also called malicious crypto mining) is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online currency known as cryptocurrencies. Malicious cryptominers often come through web browser downloads or rogue mobile apps. Cryptojacking can compromise all kinds of devices, including desktops, laptops, smartphones, and even network servers. 


Dating and Romance Scams

Romance scammers create fake profiles on dating sites and apps or contact you through popular social media sites like Instagram or Facebook. The scammers strike up a relationship with you to build up trust, sometimes talking or chatting several times a day. Then, they make up a story and ask for money. 


Distributed Denial of Service (DDoS)

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination. 


Hackers

A hacker is a person who breaks into a computer system. The reasons for hacking can be many: installing malware, stealing or destroying data, disrupting service, and more. Hacking can also be done for ethical reasons, such as trying to find software vulnerabilities so they can be fixed. 

Malicious hackers circumvent security measures and break into computers and networks without permission. Many people wonder what motivates hackers who have bad intentions. While some do it for cyber-adventure, others hack into computers for spying, activism, or financial gain. Malicious hackers might use tools like computer viruses, spyware, ransomware, Trojan horses, and more to further their goals. While there may be financial incentives to hacking, the risks are high too: a malicious hacker can face a long time behind bars and massive fines for their illegal activity.

A grey hat hacker skirts the boundaries between ethical and unethical hacking by breaking laws or using unethical techniques to achieve an ethical outcome. Such hackers may use their talents to find security vulnerabilities in a network without permission to simply show off, hone their skills, or highlight a weakness.

Ethical hackers look for security flaws and vulnerabilities for the purpose of fixing them. Ethical hackers don’t break laws when hacking. An ethical hacker can be someone who tests their own computer’s network defenses to develop their knowledge of computer software and hardware or a professional hired to test and enhance system security.

Hacktivist

Hacktivism happens when political or social activists use computer technology to make a statement supporting one of their causes. In most cases, hacktivism focuses on either government or corporate targets, but it can include any significant institution, such as religious groups, drug dealers, terrorists, or pedophiles. Hacking means breaking into someone’s computer. Activism refers to promoting a social perspective.


Identity Theft

Identity theft happens when someone uses your personal or financial information without your permission. This information can include names and addresses, credit card or Social Security numbers, bank account numbers, and medical insurance account numbers.



Investment and Crypto Scams

Investment scams often promise you can "make lots of money" with "zero risk," and often start on social media or online dating apps or sites. These scams can, of course, start with an unexpected text, email, or call, too. And, with investment scams, crypto is central in two ways: it can be both the investment and the payment. 


Malware


Malware, or “malicious software,” is an umbrella term that describes any malicious program or code harmful to systems. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations.

Like the human flu, it interferes with normal functioning. The motives behind malware vary. Malware can be about making money off you, sabotaging your ability to get work done, making a political statement, or just bragging rights. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission. 


Man in the Middle (MITM)


A man-in-the-middle (MITM) attack is a cyberattack in which a hacker steals sensitive information by eavesdropping on communications between two online targets such as a user and a web application.

After stealthily placing themselves in the middle of two-party communications, MITM attackers intercept sensitive data such as credit card numbers, account information, and login credentials. Hackers then use that information to commit other cybercrimes such as making unauthorized purchases, hijacking financial accounts, and identity theft.


Nation State Threats

A nation-state threat actor is a government-sponsored group that forcefully targets and gains illicit access to the networks of other governments or to industry groups to steal, damage, and/or change information.


OS Command Injection

OS command injection is also known as shell injection. It allows an attacker to execute operating system (OS) commands on the server that is running an application, and typically fully compromise the application and its data. Often, an attacker can leverage an OS command injection vulnerability to compromise other parts of the hosting infrastructure, and exploit trust relationships to pivot the attack to other systems within the organization.
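
The mechanism described above, shown as an added example that is not part of the original glossary: the same lookup built as a shell string and as an argument list. The function names, the `echo` stand-in for a real tool, and the sample input are assumptions constructed for this illustration.

```python
import re
import subprocess

# Allow-list for host names: letters, digits, dots and hyphens only, and the
# first and last characters must be alphanumeric (so a value cannot start
# with "-" and be read as a command-line option).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample input: a host name followed by a shell metacharacter.
CONSTRUCTED_INPUT = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Vulnerable: untrusted text is pasted into a command line that a shell parses."""
    result = subprocess.run(
        "echo lookup " + host,      # "echo" stands in for a real tool
        shell=True,                 # /bin/sh interprets ';', '|', '$( )', ...
        capture_output=True,
        text=True,
    )
    return result.stdout


def lookup_argv(host: str) -> str:
    """No shell: the value travels as exactly one argv element."""
    result = subprocess.run(
        ["echo", "lookup", host],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout


def lookup_hardened(host: str) -> str:
    """Validate against the allow-list first, then call the tool without a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected host name: %r" % host)
    return lookup_argv(host)


if __name__ == "__main__":
    print("shell string :", lookup_vulnerable(CONSTRUCTED_INPUT).splitlines())
    print("argv list    :", lookup_argv(CONSTRUCTED_INPUT).splitlines())
    try:
        lookup_hardened(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("hardened     :", exc)
```

With the shell string, the text after `;` runs as a second command; with the argument list it is only data handed to the tool, and the allow-list rejects it before the tool is called at all.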


Pharming


Pharming is a term used to describe a type of cyber-attack that redirects users to fraudulent websites or manipulates their computer systems to collect sensitive information. Also known as “pharmaceutical phishing” or “phishing without a lure,” “pharming” is a combination of the words “phishing” and “farming,” indicating the large-scale nature of the attack.

In pharming attacks, malicious individuals or groups utilize various techniques to deceive users and lead them to counterfeit websites that closely resemble legitimate ones, such as online banking portals, retail shopping platforms, or social media networks. The ultimate intention behind such attacks is to deceive users into divulging their personal information, such as usernames, passwords, credit card details, or other sensitive data. 


Phishing


Phishing is a type of cyberattack designed to deceive people into revealing sensitive information. It uses fraudulent emails, text messages, phone calls, or websites to trick people into sharing sensitive data, downloading malware, or otherwise exposing themselves to cybercrime. Phishing attacks are a form of social engineering.

Unlike other cyberattacks that directly target networks and resources, social engineering attacks use human error, fake stories and pressure tactics to manipulate victims into unintentionally harming themselves or their organizations. 

In a typical phishing scam, a hacker pretends to be someone the victim trusts, like a colleague, boss, authority figure or representative of a well-known brand. The hacker sends a message directing the victim to pay an invoice, open an attachment, click a link or take some other action. Because they trust the supposed source of the message, the user follows the instructions and falls right into the scammer's trap. That "invoice" might lead directly to a hacker's account. That attachment might install ransomware on the user's device. That link might take the user to a website that steals credit card numbers, bank account numbers, login credentials or other personal data.  


Pig Butchering


Pig butchering is a newer variation of scams that use a little bit of “social engineering” to trick a victim into doing something disadvantageous, whether that's trusting someone they shouldn't or sending money into the void.

Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can also involve other types of financial trading. 

Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. They’ll often say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds by saying that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can. 

Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.


Quishing


Quishing, or QR phishing, is a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content.

The goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware. This type of phishing often bypasses conventional defenses like secure email gateways.

Notably, QR codes in emails are perceived by many secure email gateways as meaningless images, making users vulnerable to specific forms of phishing attacks. QR codes can also be presented to intended victims in several other ways. 


Ransomware

Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker. 


SIM Swapping


SIM swapping, also known as SIM splitting, simjacking, or SIM hijacking, is a technique used by fraudsters to get control of your phone number. With control of your phone number, hackers can receive the two-factor authentication codes sent to it and use them to access your bank accounts, social media accounts, and more.

To understand SIM swapping, you must first know how two-factor authentication and SIM cards work. Security experts recommend two-factor authentication to protect your online accounts, but it isn’t a perfect system – a third party with your phone number could bypass it. Two-factor authentication alone doesn’t 100% protect your accounts from getting hacked. 

Setting up two-factor authentication for an account typically entails providing your cell phone number, so that you can receive unique codes to use each time you log in after entering your username and password. The code may also be sent to your email. Since two-factor authentication has become so common, hackers now have another challenge to gaining access to your information – they now need to get your cell phone number, too. 

To get your phone number, scammers must contact your mobile carrier and convince them to transfer your phone number to one of their SIM cards. But mobile carriers don’t transfer cell phone numbers just because someone asks – they require more information.

Fraudsters often use social media to collect personal information they could use to answer security questions to gain access to their target’s account. For example, your birthday, your mother’s maiden name, and the high school you went to are common security questions that a third party could easily get the answers to by browsing your social media. 


Smishing


Smishing is a phishing attack closely related to vishing that also uses smartphone numbers. But instead of voice mail, smishing uses text messages to trick users. These messages could contain a phone number for a targeted user to call or a link to an attacker-controlled website hosting malware or a phishing page.

Smishing relies mainly on users trusting text messages. The messages usually promise prize money and coupons, or threaten to cancel accounts if the user does not authenticate and reset credentials. Because text messages are more informal, victims may trust text messages more than suspicious emails.

There is a lot of overlap between smishing and vishing. A vishing attack might also start with a text message and contain a phone number asking users to call, but vishing attacks could also use automated messages and robocalls. Smishing can also include a phone number in a text message, but many attacks focus mainly on tricking users into clicking links and opening a malicious website page. 


Social Engineering


Social engineering attacks manipulate people into sharing information that they shouldn’t share, downloading software that they shouldn’t download, visiting websites they shouldn’t visit, sending money to criminals, or making other mistakes that compromise their personal or organizational security. 

An email that seems to be from a trusted coworker requesting sensitive information, a threatening voicemail claiming to be from the IRS, and an offer of riches from a foreign potentate are just a few examples of social engineering. Because social engineering uses psychological manipulation and exploits human error or weakness rather than technical or digital system vulnerabilities, it is sometimes called "human hacking." 


SPAM

If you open your email inbox and see dozens (if not hundreds) of emails you didn't ask for, you're looking at spam. In tech, "spam" is a term for unwanted, unsolicited mass communications. While the term is most commonly associated with email, it can also be used to refer to spam comments on blogs and social media, physical junk mail, robocalls, and more. 


Spear Phishing


Spear phishing is a cyberattack method that hackers use to steal sensitive information or install malware on the devices of specific victims. Spear-phishing attacks are highly targeted, hugely effective, and difficult to prevent. 

Hackers use spear-phishing attacks to steal sensitive data, such as account details or financial information, from their targets. An attack requires significant research, often acquiring personal information about the victim. This is typically done through accessing social media accounts to discover information like their name and email address, who their friends are, their hometown, employer, recent purchase history, and locations they visit. Attackers then disguise themselves as someone their victim trusts, usually a friend or colleague, and attempt to acquire sensitive information via email or instant messaging tools. 


Spoofing

Spoofing is a completely new beast created by merging age-old deception strategies with modern technology. Spoofing is a sort of fraud in which someone or something forges the sender’s identity and poses as a reputable source, business, colleague, or other trusted contact to obtain personal information, acquire money, spread malware, or steal data.


SQL Injection


An SQL injection attack consists of the insertion or “injection” of an SQL query via the input data from the client into the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system, and in some cases issue commands to the operating system.

SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input to affect the execution of predefined SQL commands. 
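
How data-plane input changes a predefined SQL command, as an added example that is not part of the original glossary: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, the function names and the sample inputs are assumptions constructed for this illustration.

```python
import sqlite3

# Constructed sample input: closes the string literal and adds a condition
# that is always true.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"),
         ("carol", "camera"), ("o'brien", "tablet")],
    )
    return conn


def orders_vulnerable(conn: sqlite3.Connection, customer: str) -> list:
    """Vulnerable: the input becomes part of the SQL text the database parses."""
    query = ("SELECT customer, item FROM orders WHERE customer = '"
             + customer + "' ORDER BY customer")
    return conn.execute(query).fetchall()


def orders_parameterized(conn: sqlite3.Connection, customer: str) -> list:
    """Hardened: the SQL text is fixed; the input is bound as a value only."""
    query = "SELECT customer, item FROM orders WHERE customer = ? ORDER BY customer"
    return conn.execute(query, (customer,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the WHERE clause is rewritten and every row comes back.
    print("concatenated :", orders_vulnerable(db, CONSTRUCTED_INPUT))
    # Bound parameter: the whole input is compared as a name, so no row matches.
    print("parameterized:", orders_parameterized(db, CONSTRUCTED_INPUT))
    # A legitimate name containing an apostrophe breaks the concatenated query
    # but works as a bound value.
    try:
        orders_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'brien:", exc)
    print("parameterized, o'brien:", orders_parameterized(db, "o'brien"))
```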


Supply Chain Attack


A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of an app, while hardware supply chain attacks compromise physical components for the same purpose.

Historically, supply chain attacks have referred to attacks against trusted relationships, in which an unsecured supplier in a chain is attacked in order to gain access to their larger trading partners. This is what happened in the 2013 attack against Target, where the threat actor gained access to an HVAC contractor in order to enter Target’s systems. 


Vishing


Phishing and vishing have the same goal: to obtain sensitive data from users that could be used for identity theft, monetary gain or account takeover. The main difference between phishing and vishing is the medium used to target potential victims. Whereas phishing is primarily an email-based attack, vishing uses voice, typically calls to a user’s cell phone number.

Both vishers and phishers send messages to potential victims, usually in high volumes. Phishing attackers send a large number of email messages to a list of potential targets. If the attacker targets a specific organization, only a list of high-privileged user email addresses from the targeted business might be used. Phishers generally use compelling email messages to trick users into replying with sensitive information or convince the user to click a link where malware is hosted. Malicious attachments are also used in some phishing attacks.

The visher might first send a text message to potential victims in high volumes from a long list of phone numbers. The message might ask users to make a phone call to the attacker’s number. Another vishing method creates an automated message and robo-dials potential victims. It uses computer-generated voice messages to remove accents and build trust. The voice message then tricks the user into connecting to a human agent who continues the scam, or it might ask users to open an attacker-controlled website. 

Although there are minor differences between vishing and phishing, the end goal is always the same: credentials, personally identifiable data, and financial information. Users familiar with phishing might not be familiar with vishing, so attackers increase their chances of success.