Software tool or program that generates random card numbers, using the Luhn algorithm to follow the correct format for credit card numbers. Fraudsters use card generators to obtain cards that can be tested on sites that accept payments, hoping to find active credit cards.

Be at risk, or make something at risk of misuse. Usually meaning that a bad actor is attempting to (or has already) obtained some otherwise confidential information. “Your online banking credentials were compromised, and now a bad actor has access to your bank account.” Also used synonymously with ATO as in “My account was compromised,” meaning my legitimate account was accessed by an unauthorized party.

Attempting to access computer systems without authorization. This action is done with malicious intent for personal gain or simply to destroy data. Crackers look for backdoors in programs and systems that can be exploited. Often used interchangeably with hacking, though not technically identical.

That which is used for verification or validation. A username and password is a credential or credential pair when intended for use to log in to a website. A Social Security number is also a credential when it is used for verification of someone’s identity.

A type of cyber attack in which username and password pairs (“credentials”) obtained from one source are attempted against other sites and systems. Criminals use bots or scripts to automatically try logging in to various sites with large numbers of credentials, “stuffing” the target site with numerous login attempts in a short time. Their goal is to discover which credentials are valid (successful). Read more.

An area of the internet that is only accessible through encrypted networks such as Tor ("The Onion Routing" project) and is not indexed (searchable) by search engines. The dark web provides anonymity and is a haven for criminals to buy and sell personal data, malware kits, access to companies’ networks, and more.

Email Account Compromise. A cyber attack where a criminal gains access to a legitimate email account through techniques such as credential stuffing, phishing, or malware. The criminal can then profile the victim using information obtained from contacts and emails and can send emails posing as the victim to commit fraud against other contacts. The criminal can also manipulate the account by changing forwarding rules or permissions. EAC is similar to BEC, but the difference is that the miscreant has access to the email account whereas for BEC, the miscreant is spoofing the email address.