Glossary: Fraud and Scam Terms You Should Know

Account takeover: Account takeover (ATO) fraud is a type of identity theft where criminals gain access to your online accounts (including financial, credit, email, or social media accounts) and uses them for fraudulent activity. Sometimes scammers will steal your personal information and then contact credit card companies pretending to be you. They can then change passwords and PIN numbers for your credit card, a type of credit card fraud.

ACH Fraud: Account Clearinghouse (ACH) fraud happens when a criminal gets access to your bank account number and routing numbers — and then uses that info to initiate a payment that you didn't authorize.

AI Voice Fraud: AI voice fraud is a type of fraud where fraudsters use AI — along with snippet of someone's voice — to effectively clone someone's voice, down to the pitch, tone and speech patterns. Then the fraudster can calls you, pretending to be someone you know, and manipulates you with a fake story to get them to give you money.

Skimming: Card skimming is a type of fraud where scammers secretly insert a device (called a skimmer) into an ATM or a retail card reader. This allows them to capture your credit or debit card information, which they can then sell to other fraudsters — or use it to make purchases online, apply for credit in your name, or make fake credit cards. Card skimming is one of the strategies scammers can commit credit card fraud.

Credit card fraud: According to the FTC,1 credit card fraud was the most common type of identity theft reported in 2023. Credit card fraud happens when a scammer uses a credit card that is registered under your name and Social Security number. The credit card could be one that legitimately belongs to you — or it could be one that the scammer applied for using your personal information. There are many ways this can happen, including using card skimming to steal your card info, taking over your credit card account, or applying for a new credit card in your name.

Deepfake scams: In a deepfake scam, criminals use AI to create a video or voice recording — pre-recorded or in real-time conversation — to trick you into sending them money or sensitive information.Deepfakes can be used in many different types of scams, including romance scams, investment fraud, phishing and other types of financial fraud.

Malware and Ransomware: Though often referenced together, malware and ransomware are not exactly the same thing. Malware ("malicious software") is any type of software created to disrupt or damage a device's operation, gather sensitive information, or give someone access to your computer. Ransomware is a specific type of malware. Ransomware attempts gain access to a victim's files, with the goal of locking and encrypting them — and then demanding a ransom from the file owner in exchange for unlocking the file.

Man-in-the-Middle Attacks: With Man-in-the-Middle (MITM) attacks, a criminal finds a way to get between a victim and a trusted online entity to intercept data or money. This can happen in a variety of ways, including IP, DNS, or HTTPS spoofing; SSL hijacking, email hijacking, Wi-Fi eavesdropping and browser cookie stealing.

Password Managers: A password manager is a software application or hardware device that creates strong, complex passwords for online accounts. The password manager then allows you to access to those passwords via a master code that you, the user, create. This allows you to create unique, extremely hard-to-guess passwords for every account while you only need to remember the master code.

Phishing: Phishing is when someone sends fraudulent emails in an attempt to access your personal information — or to manipulate you into giving them your personal information directly. And these emails typically look very credible. Ways phishing emails do this include asking you to reply with confidential information, asking you to click on a link, or asking you to open a file.

Pig Butchering: Pig butchering is a cybercrime in which a scammer slowly nurtures a relationship with a victim (not unlike how a farmer nurtures a pig while fattening it up). Once the scammer has built a relationship and established trust, they use that to manipulate as much money as possible out of the victim (think: the pig is maximally fattened up). When the victim has nothing left to give, the scammer suddenly "slaughters" the relationship, disappearing with the victim's money. 

Prextexting: Pretexting is a type of social engineering attack where scammers use emails or texts that appear to come from someone the target knows. This establishes trust with the victim and makes it more likely they will turn info over to the scammer.

Romance Scams: Romance scams, also called online dating fraud, are a type of cybercrime that happens when a bad actor builds an emotional connection with a victim online to manipulate them into sending the scammer money or something else of value, like personal information. 

SIM Swapping: SIM swapping is when a cybercriminal manages to transfer control of your incoming calls and texts over to a phone they control. Their goal is often to gain access to your financial accounts by triggering a multi-factor authentication (MFA) text that they receive after they commandeer your phone.

Smishing: The term smishing is a mashup of the acronym SMS (another name for texting) and phishing, a type of internet fraud that involves tricking you into responding to a fake email. Smishing is a type of phishing that uses text messages to try to dupe you into sharing personal financial information like your password, bank account, or credit card number.

Social Engineering Scams: Social engineering scams use psychological manipulation to get people to take some action. Unlike hacking, when criminals attack weak parts of computer systems, social engineering scammers prey on human weaknesses for their criminal activity. In most cases, social engineering scams aim to trick people into providing personal info, downloading an attachment, or clicking a link. Their goal is to defraud or somehow harm the victim, in most cases financially. Types of social engineering scams include phishing, vishing and pretexting.

Spoofing: Spoofing is when a scammer disguises their identity by manipulating caller ID, email addresses, or website URLs to appear as a trusted entity like a bank, government agency, or other familiar source. Spoofing can also happen through the use of AI voice fraud or deepfakes. The goal is to use that trust to trick the victim into providing sensitive personal information or money.

Vishing: Vishing is a type of fraud that relies on getting you to trust the person at the other end of a phone call. The initial contact might be a phone call to you, but the scheme can also start with an email message or text asking you to call a number. Because the number the scammer is calling from or the email address they're contacting you from can be spoofed, it is easy to fool people into believing the contact is legitimate. The goal of vishing is to get you to reveal your personal data, account numbers, or security codes by phone so that cyber thieves can use that information to access your cash or credit.