cacr logo

apwg logo



This page serves to answer commonly asked questions about terminology, the phishing scams, and our group. If your questions are not answered here, feel free to Contact Us, and we will try our best to give you an answer.


419 Scam
A scam where someone pretends to be a wealthy foreigner who wants help moving a large amount of money overseas. Usually, the scammer requests bank account information to pay for fees supposedly incurred in the large-sum transfer. The large sum transfer never happens and the victim is taken for as much 'fee' money as possible.
Anti-virus Software
Computer software that attempts to locate, disable and remove from a computer any malicious software (such as viruses and worms).
Authentication Token
A security device carried by an authorized user. The device has a changing value or a secret algorithm that cannot be copied -- thus requiring a valid token to be possessed by whomever wants to authenticate.
Artificially generating income from click-based advertising systems by simulating clicks that don't really occur, or by causing real clicks that aren't due to actual interest in the advertising content.
DNS poisoning
Injecting bad data into a domain name server's cache in order to change (for users of that server) the destination a domain resolves to. A phisher may poison DNS at a university to cause all university-originating traffic to go to his server instead of a bank's.
DNS server
A server that translates DNS names (such as into an IP address that is actually used for communication on the Internet.
The small icon displayed next to a URL in the address bar of a browser. Phishers can place a 'lock' icon here to pretend the connection is secure, or they can set this icon appropriately to mimic a real site.
Gartner estimate
An estimate provided by a well-renowned research firm named Gartner
IP address
A set of four numbers from 1-255 separated by periods (.) that are used to identify each computer on a network. (Example: An IP address instead of a Domain Name (like can be used in a phishing URL to hide the fact that a given website is not legitimate. In a pharming attack, the IP address returned by a DNS server is changed to direct victims to a phisher's site.
Keyboard logger
Also known as 'keylogger', a piece of software (or hardware) that records all keys pressed on a computer's keyboard. Often, keyloggers will report the sequence of keys to an 'owner' of the malicious logger.
Lock icon
A small padlock icon displayed by a web browser to indicate that the browser has established a secure connection to the currently loaded website. This suggests to the user that nobody can 'eavesdrop' on their communications with the server.
Malicious software such as a virus, worm, trojan horse, or spyware that is installed on a system with harmful or malicious intent
Man-in-the-middle (MITM)
An attack where a third party relays all messages back and forth between a client and server. During the attack, messages may be changed or simply recorded for later use.
In computer security, this is an attack where an attacker compromises domain name values and redirects many people to the wrong IP for a given domain. Often this is accomplished with DNS poisoning or by modifying the hosts files on peoples' computers.
Tricking someone into giving up private data by masquerading as an authority. This is mostly accomplished using email or instant messages, directing the recipient to a fraudulent website that appears legitimate.
Phishing IQ test
A test where emails are displayed to a participant who is then asked to classify each as fraud or real. Usually these tests are used to illustrate the difficulty of identifying phishing emails.
SSL Post
A form submission that originates from an unencrypted 'http' page but posts to an encrypted page (https). Encryption only occurs in this case after the submission button is pressed.
Screen scraper
Software that analyzes the graphics displayed on a computer screen and translates displayed images into text.
Secure Sockets Layer (SSL)
A communication protocol developed by Netscape that is used to establish cryptographically secure communications between a client (usually a web browser) and server.
Signature-based malware detection
A method of detecting malware that identifies malware by analyzing behavior of software, configuration and software patterns.
Spear phishing
This (a.k.a. context-aware phishing) is to phishing what targeted advertising is to advertising. Namely, in spear phishing, the attacker infers or manipulates the context of his intended victim, and then "personalizes" his attack.
Spoofed email
Assuming the identity of another person while sending email; often used to disguise the actual sender of a message.
Malware installed on a computer that covertly gathers information about the computer's user.
A subdivision of a master domain, e.g. 'cs' in and 'informatics' in
Synthetic identity fraud
Posing as someone using identity that is completely fabricated -- making up a new identity and assuming it.
Yield (phishing)
The percentage of targets in a scam that fall victim. If email asking for credit card details is sent to 100 people and 2 of them respond, yield is 2%.