
Cyber series: From phishing to whaling - cyber terms explained

19 Nov 2017

Given the amount of terminology and jargon relating to cyber security, trying to make sense of it all might make you feel like you’re trying to learn a new language.

We’ve produced this simple guide to some of the more commonly used terms associated with cyber security that will also help you understand the various ways that criminals try to spread viruses and steal your data...

Phishing – A phishing scam is so-called because the perpetrator is fishing for information and hopes you will take the bait, which will come in the form of an email. Often that email will ask you to take urgent action on an important matter. For example, it may claim that somebody has made a transaction on your eBay or PayPal account and that you must go to a site where you have to enter your account login details, which is akin to handing your bank card and PIN to a con artist.

Look out for spelling mistakes or the fact that the sender’s address bears no relation to the company it claims to represent.

Spear Phishing – This is when the phishing scam has a specific target or individual in mind. On a similar note…

Whaling – Last year, Austrian aerospace parts maker FACC was swindled out of a colossal €42m (£37m) by hackers using a phishing scam known as ‘whaling’. This scam targets a company’s CEO or finance officer – aka the ‘one big fish’ – by tricking them into rushing through a large payment for a fake acquisition. According to a report by the Federal Bureau of Investigation (FBI) in June last year, identified losses from this type of scam came to $3.1bn (£2.4bn) and had risen by 1,300% in 18 months.

Smishing – Essentially, it’s the same as a phishing scam but it’s done through a text message (or SMS, hence smishing). In May of this year, a bogus text claiming to be from NatWest carried the following message: ‘We detected unusual login attempts on your account. Please verify account to avoid suspension, visit the secure link.’ In April, the NHS had to issue a warning when patients received phoney text messages asking for their date of birth and confirmation of their email address.

Malware – Short for malicious software, malware is the catch-all term for any harmful software that has been unintentionally installed on your computer and can, in turn, wreak all sorts of havoc. The different types of malware include viruses, spyware and trojans.

Payload – The part of the malware program that will execute the task it’s been designed to carry out.

Trojan – Trojans are the most common type of malware. You may, for example, be presented with a page asking you to download the latest version of Adobe Flash. Just like the original Trojan Horse, it is disguised and may look harmless, but that download can open the door for hackers to get access to browsing history as well as passwords and login details.

Spyware – This can come in a variety of different guises, but all are intended to gather information about your online usage without your knowledge. It can simply be used to match ads to the pages and sites that you’ve recently visited. Malicious spyware can create a pop-up with a fake warning that claims your computer is infected and will send you to a page to fix the fake problem, which can lead to far bigger problems.

Virus – In simple terms, a computer virus is designed to alter the way a computer operates. The virus can also replicate and spread from one computer to another.

Worm – A type of virus that comes in the form of a file which, after it has been opened, can spread across your network. Back in 2000, people were receiving an email with a subject line that said ‘I Love You’ and came with an attachment designed to look like a letter. It was devastatingly effective: once opened, it would resend itself to everyone in the user’s mailing list, and it created so many messages that it was shutting down mail systems as well as overwriting millions of files across networks. It was difficult to know for sure how much damage ILOVEYOU did, but the figure was estimated to be in the region of $15bn.

Cracker – A combination of hacker and safe-cracker, it is used to describe somebody who has broken into a computer system and intends to cause all sorts of trouble. This could include infecting the system with a virus, stealing data or destroying important files.

Cyber security for business

The IoD have created a Cyber Hub as a resource for all things digital security. Whether you need to learn the basics with a glossary of cyber-terminology, step-by-step instructions on improving your online protection, or to simply stay involved in the latest conversations, you can find the help you need here to safeguard your business and employees.
