Scams glossary

Do you know your phishing, from your vishing or your smishing and quishing? Our scams glossary can help you navigate the jargon
Tali Ramsey

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

Action Fraud

The national reporting centre for fraud and cybercrime. Action Fraud reports about fraud on behalf of the police in England, Wales and Northern Ireland.

Advance-fee fraud

When a scammer makes you pay upfront for bogus goods, services or investments.

Adware

A type of malicious software that displays unwanted ads or pop-ups on your device when browsing the internet.

Antivirus software

Software that protects your device against viruses, malware and other attacks by cybercriminals.

Artificial intelligence

A machine's ability to perform tasks normally carried out by humans.

Authorised push payment (APP) fraud

Where the victim is tricked into transferring money from to a scammer.

Bait and switch

Advertising products at too good to be true prices, only to switch to higher prices once you visit the website the ad leads to.

Bitcoin

The most famous type of cryptocurrency.

Blackmail

Demanding a payment for not releasing damaging information about someone.

Brushing

When dodgy sellers artificially inflate sales volumes on online marketplaces by sending fake orders of their own items to random addresses. 

Catfishing

Creating a fake online dating profile with the intention of scamming others.

Clickjacking

The malicious practice of concealing hyperlinks beneath legitimate clickable content, making victims click on something potentially harmful.

Copycat websites

Fake websites that imitate genuine companies, organisations or authorities.

Cryptocurrency

A digital or virtual, form of currency.

Dark web

A hidden collective of internet websites that are only accessible from a specific web browser. It's used for keeping internet activity anonymous, including illegal activities such as cybercrime.

Data breach

When protected personal data is accidentally or deliberately destroyed, lost, altered, disclosed or accessed without permission, usually as a result of a security incident.

Deepfake

A video of a person whose face or body has been digitally manipulated to appear to be someone else or an image of a non-existent person.

Fleeceware

A mobile app that charges you hidden excessive subscription fees.

Hacking

Fraudsters gaining access to your accounts, devices or systems.

Identity theft

When a criminal steals your personal information.

Identity fraud

When a criminal uses your personal information to obtain goods or services or to open accounts in your name.

Malvertising

When adverts incorporate malware.

Malware

Short for malicious software, it's designed to steal data or damage or destroy devices and computer systems.

Money mule

Someone who transfers money acquired illegally, such as through fraud, to another account.

One-time passcode

A password that is only valid to log in to an account once.

Online Safety Act

Legislation established to control harmful online content, including scams.

Password manager

Software applications designed to store and manage online passwords, usually in an encrypted database.

Phishing

Fraudsters impersonating people or companies, typically through messages with links, to trick you into revealing your personal and/or financial information.

Pig butchering

Scammers grooming you into an online relationship, only to gain your trust and get you to put money into an investment scam.

Ponzi/pyramid schemes

A form of illegal investment scheme where you’re recruited by a company that requires you to pay a fee and you're rewarded for each new person you recruit into the company.

Quishing

A type of phishing scam which takes you to a malicious website using a QR code.

Ransomware

Malware designed to block access to a computer system unless you pay.

Recovery

When fraudsters target those who have been victims of scams and ask for a small fee to recover their lost funds.

Sextortion

Fraudsters asking for money by threatening to expose sexual videos or photos of you.

Skimming

Placing a small device on a card reader which captures and stores the details on the card's magnetic stripe - this includes the card number, expiration date and the cardholder's full name.

Social engineering

When scammers try to manipulate potential victims into believing fake scenarios. For example,  the scammer calls the victim and claims their bank account has been compromised and the victim speaking to someone from their bank's fraud team who's going to help them.

Smishing

Phishing via text message, where scammers impersonate people or companies in messages that get you to reveal your personal and/or financial information.

Spoofing

Where scammers use software to make a display name or phone number appear to be that of a genuine organisation.

Spear phishing

When fraudsters target you specifically through dodgy messages after gathering personal information on you.

Spyware

Malicious software which gathers information about you and sends it to a third party.

Tapjacking

On Android phones, a malicious app is overlaid on top of a legitimate one, creating a fake user interface that tricks you into performing actions including making in-app purchases.

Trojan horse

Malware which disguises itself as a legitimate program.

Two-factor authentication (2FA)

A security measure where an account requires another form of authorisation to allow the user access to their account, such as being texted a code to log into an online account.

Virus

A type of malware that spreads between computers and can steal data, corrupt files and take over your device.

Vishing

Phishing via a phone call, where scammers impersonate people or companies over the phone to get you to reveal your personal and/or financial information.

Voice cloning

An audio deepfake which imitates someone’s voice using artificial intelligence.

Whaling

A targeted phishing attack where a fraudster impersonates a senior member of an organisation and targets other seniors at the same company through phishing emails.