Names of online scams

Here’s the ultimate 21st-century glossary — of online scams. Go phish … (And note: All definitions are courtesy of the Oxford English Dictionary, except where noted. These names are legit, even though the practices aren’t.)

Catfish: “to lure (someone) into a relationship by means of a fictional online persona”

Drive-by downloads: “The downloading of a virus or malware onto your computer or mobile device when you visit a compromised website — it happens without your clicking on anything at the site.” (AARP)

Ghosting: “Identity thieves use the personal information of the deceased. Criminals look for personal details in obituaries, funeral homes, hospitals, stolen death certificates, and websites online to commit identity fraud.” (from

Hash buster: “a program which randomly adds characters to data in order to change the data’s hash sum. This is typically used to add words to spam e-mails, to bypass hash filters. As the e-mail’s hash sum is different from the sum of e-mails previously defined as spam, the e-mail is not considered spam and therefore delivered as if it were a normal message.” (Wikipedia)

Keylogger: “A computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.”

Malvertising: “The practice of incorporating malware in online advertisements.”

Man-in-the-middle attack: “A perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers.” (from Incapsula)

Nigerian letter or “419” fraud: “Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed, or e-mailed, from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The schemes themselves violate section 419 of the Nigerian criminal code, hence the label “419 fraud.”” (from

Pharming: “The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.”

Phishing: “The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”

Scareware: “Malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.”

Skimming: “The capture of information from the magnetic stripe on credit and debit cards by “skimmer” devices that are secretly installed on card-reading systems at gas pumps, ATMs and store checkout counters.” (AARP)

Smishing: “The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.”

Spear-phishing: “The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.”

Spoofing: “Spoofing generally refers to the dissemination of e-mail which is forged to appear as though it was sent by someone other than the actual source. Phishing, also referred to as vishing, smishing, or pharming, is often used in conjunction with a spoofed e-mail. It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user’s information.” (from

Whaling: “Whaling and spear phishing scams differ from ordinary phishing scams in that they target businesses using information specific to the business that has been obtained elsewhere.” (from Scamwatch). “Phishing attempt on a “big fish” target (typically corporate executives or payroll departments) by a scammer who poses as its CEO, a company attorney or a vendor to get payments or sensitive information.” (AARP)

Vishing: “The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.”