The act of manipulating people so they give up confidential information that is of value to criminals, such as bank information, passwords, or other personal information. Phishing is an example of social engineering.
An advanced form of phishing where the attacker targets a specific individual or organization. The messages are crafted to appear to come from a sender known to the recipient. Spear phishers research their victims through social media and other online sources to create a more convincing scam.
Credentials that don’t change. Often used in computing as credentials for databases or similar systems so that development teams or automated processes can use them without the disruption of changing them. Can also refer to consumer credentials when the consumer fails to change their passwords. Different from transient / dynamic credentials that change regularly, e.g., a rotating code in an authenticator application.
The practice of requiring additional levels of authentication as users progress to higher risk categories. For example, if a call to AllCreds shows that the credentials of a user who is logging in are compromised, companies can use step-up authentication to direct the user to a second form of authentication like a token code or emailed code.
An email address usually created by a miscreant for the purpose of setting up fake accounts. Often created by a script or automation following a pattern, e.g., incrementing numbers. Different from a legitimate address created by an individual for personal use.
An identity created by a combination of real and fake personal information. For example, a stolen social security number can be combined with a fake name and address to create a new identity. Fraudsters often use synthetic identities to commit financial fraud such as applying for loans, submitting tax returns, or setting up mule accounts to launder money.
Credentials that change over time. Often used in addition to static credentials as an additional level of authentication, e.g., during step-up authentication or 2FA. Examples: one-time passwords, session tokens, etc.
