Identity Theft Glossary

identity theft glossary

The ID Theft Glossary: Things You Must know About Identity Theft

Knowledge puts you on the offense against identity theft. According to the Identity Theft Resource Center, it can take you over 300 hours to recover from identity theft without ID theft protection.

The more you know, the better off you are to protect yourself from identity theft. We created this list of important terms for you, so you don’t have to spend hours of your own time in research.


Identity Theft. Coined in 1964, is a shorthand way of referring to the growing number of ways the bad guys can make you a victim.

What they want is access to your:

  • Assets including bank accounts and investments
  • Credit rating to get a loan or buy a house
  • Credit cards for purchases
  • Medical insurance for treatment or controlled substances
  • Personal identification for passports, driver’s license, and an alias when arrested.


Important identity theft terms to know:

Account Takeover: Armed with all the necessary information, the thief gains control of your financial accounts, ranging from banking to investment.

Affidavit of Factual Innocence: An Affidavit of Factual Innocence is a document issued by a court to certify the factual innocence of an individual. If criminals are using your identity, you could be arrested. To validate that you didn’t commit the criminal act, you need this legal document from the court.

Affidavit of Forgery: An affidavit of forgery is a legal document that’s completed by a person who has been a victim of identity fraud.

Anti-Virus: This is software which can be purchased and downloaded to prevent “malware” from entering the computer. Malware is malicious software in the form of trojans, worms, spyware, and viruses. Most anti-virus software packages update themselves automatically.

Backdoor: A backdoor in computing, refers to a hidden method of authentication to gain access to a computer or network.

Bankruptcy: Identity theft victims are legally entitled to bankruptcy protection but this option should be avoided because the financial damage done to your credit by identity theft can be removed after providing proof to credit reporting agencies.

Black Hat Hacker: A black hat hacker is a computer expert who finds vulnerabilities in internet security and exploits them for their own malicious gain.

Bot: Short for robot, a “bot” is a script or application that completes repetitive actions on command. Can be used to gain control of computers.

Brute-Force Attacks: Brute-force attacks are methods used by criminals to determine a password or PIN in order to break into a computer or network.

Carding: Carding is the act of taking the credit card information from an unsuspecting victim and using it to either make unauthorized purchases, or to sell to other criminals who are more than willing to pay for the credit card.

Catfishing: Catfiishing is when a person creates a fake identity online to con you into an online relationship, with the goal to steal your identity.

Check Kiting: Check kiting is a popular form of fraud that allows a person to take advantage of non-existent money in a bank account by using bad or “hot” checks as a form of unauthorized credit.

Check Washing: Check washing is another method identity thieves use to steal from you. They dip your check in acetone, which washes the ink off so they can write it for a higher amount.

Child Identity Theft: Children are prime targets for identity theft because they don’t have credit histories nor credit reports. Identity thieves know this and take advantage of a child’s clean slate to manipulate and mold their account for many years. Minors are attractive targets because these types of thefts typically go unnoticed for years until it’s too late and the thief is already long gone.

Cloud Security: Cloud Security is a term that refers to policies, controls, and other technology used to protect data & details involved in cloud computing.

Computer Worm: Computer worms use computer networks to spread themselves, relying on security failures of the target computer to access and cause damage.

Computer Zombie: A computer zombie is a computer that a hacker has accessed and set up to transmit malicious software to other computers on the Internet.

Credit Freeze: A safe way to protect from identity theft is to place a credit freeze on your report with all the credit bureaus. The credit freeze causes the person’s data to be “frozen” at the credit bureau until they give consent for their information to be released to the agency who is pulling their credit. By having a credit freeze in place, an identity thief cannot open a new account in your name. The downside of a credit freeze is that it makes it difficult for you to apply for a loan because it can take a few days for the freeze to be lifted from your credit profile.

Credit Reporting Agencies: The three credit bureau agencies– Experian, Equifax, and TransUnion – track your financial transactions. Based on your payment history, amount of debt and other factors, they rate your “credit-worthiness.” That is, if you are a good bet to lend money to. Identity thieves with no credit rating or a negative one will want to “steal” yours if your score is high.

Criminal Identity Theft: Criminal identity theft is when a stolen identity is being fraudulently used to commit crimes in the name of the victim. This type of identity theft is typically caused by individuals with a criminal record or someone who is not willing to leave a trace. Clearing this up may take months.

Cross Site Scripting: Cross site scripting refers to an attack that allows a hacker to carry out dangerous scripts on a legitimate website or application.

Cyber Attack: Cyber attacks are carried out through the Internet in order to spread dangerous programs, steal personal information, or harm the public.

Cyber Crime: This is an umbrella term for the growing number of ways thieves gain access to both your information and accounts via digital technology.

Dark Web: The dark web is the underground of the internet where identity thieves conduct illegal business knowing they can’t be tracked by authorities.

Data Breach: A data breach is when protected or confidential information has been viewed or stolen by an identity thief. Data breaches can include: personal financial information, personal health information, trade secrets, or intellectual property.

Data Encryption: Data encryption is a method of altering electronic information into a form only authorized users can read or understand.

DDos Attack: A DDoS attack uses multiple computers to flood the server with traffic. Real users are often blocked from using the site and its services.

Debt Tagging: Debt tagging is when a person is being held responsible for another person’s debt. Identity theft victims are caught in this scheme.

Drive-By Download: A drive-by download is when your computer is infected by a malicious program simply because it visited a website and not by clicking a link.

Dumpster Diving: Retrieving documents, ranging from bank statements to credit card bills from the trash has become a standard practice for identity thieves. That’s why you must shred these documents.  In addition, you shouldn’t discard used technical equipment or devices without having them wiped clean of any information. These include personal computers, mobile phones, and gadgets.

Electronic Pickpocketing: Electronic pickpocketing is a type of identity theft where criminals wirelessly “skim” RFID enabled cards to steal embedded information.

Email Bomb: An email bomb is when someone floods a particular email inbox or email server with messages – enough to possibly overload the system and cause it to stop working properly.

Fake Job Ads: Fake job ads are traps set by identity thieves. An identity thief may send you a congratulatory email saying you have been hired. Then they request verification documents like SSN card and photo ID, and even trick you into filling out what seems to be a direct deposit form which gives away your bank account and routing numbers.

Federal Trade Commission: The Federal Trade Commission collects complaints about identity theft & also prevents fraudulent, deceptive, and unfair business practices.

Financial Identity Theft: The objective is direct financial gain. That can take the form of credit card purchases, obtaining loans, and withdrawing money for banking and investment accounts.

Firewall: A barrier designed to help protect your personal, private information from being stolen by criminals. It’s a common weapon in the fight against identity theft.

Fraud Alert: If someone has tried to get funds in your name, a red flag is put on your credit reports at the three Credit Reporting Agencies (CRAs). This alerts funding agencies to investigate all requests.

Ghost Terminal: A ghost terminal is an electronic device tailored to copy a credit card’s magnetic strip and PIN in order to steal money from an account.

Grey Hat Hacker: Grey hat hackers are skilled computer technicians who may violate laws or typical ethical standards, but have no malicious intent.

Hacker: A hacker is anyone that uses a computer to break into operating systems to steal or damage existing information.

Hidden Dialer: Hidden dialers are programs that secretly use your computer to dial telephone lines that can lead to you receiving an unexpected phone bill.

Honeypot: A honeypot is a decoy, or trap for would-be hackers looking to steal your identity or, on a larger scale, your computer or network data.

Identity Cloning: Identity Cloning is a way for identity thieves to impersonate someone else to hide their own identity. The thief basically takes over your life by living and working as you.

Identity Theft: Identity theft is a an act in which a thief obtains key pieces of personal information, such as a driver’s license number, date of birth,  or social security number, in order to impersonate someone else. The information is then used to obtain credit, buy merchandise, and use services in the name of the victim, or to provide the thief with fake credentials.

Identity Theft Monitoring: Identity theft monitoring is when a company keeps an eye on your identity and will notify you of those who are trying to steal it. This could prevent years of credit issues or the loss of your money.

Identity Theft Report: An identity theft report allows a victim of a crime to have the theft logged down either in written or printed form, allowing the crime to be investigated by local, state or even federal authorities.

Jailbreaking: Jailbreaking is the removal of restrictions that are set on various devices, such as those on an electronic tablet or smartphone.

Keylogger: A keylogger is when keystrokes you make on your computer are tracked and logged without your authorization or knowledge that it’s happening.

Koobface: Koobface is a virus used to target Windows, Mac and Linux operating platforms intended to infect your computer with malware.

Link Masking: Link masking involves taking a lengthy website address and making it shorter to conceal or cover up the real identity of the website address.

Logic Bomb: A logic bomb executes a cyber attack like erasing files or an entire hard drive at a specific time when triggered by a specific event.

Macro Virus: A macro virus is a malicious program that can be embedded into a software application such as a word document or spreadsheet application.

Mail Fraud: Mail fraud is a method identity thieves use to obtain your personal information by stealing your mail. This can include pre-approved credit card applications or any other information that will help them get credit in your name.

Malvertising: Malvertising is the use of online advertisements to help spread dangerous malware. It’s derived  from malicious advertising.

Malware: A term for malicious software. Examples are, viruses, Trojan horses, spyware, and worms.

Medical Identity Theft: This is the fraudulent use of your medical insurance to pay for treatment or drugs such as controlled substances. Since that becomes part of your medical record, there are negative implications for your own treatment and future insurability. Also, you could be a “sitting duck” for investigation by law enforcement about the use or sale of controlled substances.

Money Mule: Money mules are recruited by criminals to use stolen credit card information and usually unaware that what they’re doing is part of a crime.

Opt-OutWhen you decide to opt-out, you let your financial institution, insurance company, CRA, or any other company that sells your personal information know that you don’t want your information shared. This is your right, and it protects you from unwanted junk mail and phone calls, not to mention identity theft.

Pharming: Pharming is a fraudulent method identity thieves use to redirect a user to a bogus website in order to get personal information.

Phishing: The activity of tricking an online account holder of financial information by posing as a legitimate company. They are typically fraudulent email messages appearing to come from your university, your Internet service provider, or your bank.

Proxy Server: Proxy servers are computer applications or computer systems that act as an intermediary for requests made between devices and the Internet.

Ransomware: Ransomware is a malicious program that causes your computer or server to be sabotaged and held at ransom until money is paid to release it.

Red Flags Rule: Regulations that were included in the Fair Credit Reporting Act requiring financial institutions to identify red flags signaling possible ID theft or fraud.

Rootkits: Rootkits allow viruses or malware to pose as necessary files in order to trick your anti-virus software into thinking it’s a required file.

Sandbox: A sandbox is used to run untrusted, untested code or programs without risking your own operating system or computer while determining whether the code or program contains something malicious.

Scareware: Scareware is a dangerous computer program that scares a user into paying for a useless product or downloading a program such as malware.

Script Kiddie: Script kiddie is someone who’s not skilled enough to design their own computer attacks, but instead relies on programs created by others.

SEO Poisoning: SEO poisoning is the use of search engine optimization to make a dangerous site appear legitimate & prominent in results of an online search.

Shoulder Surfing: Shoulder surfing is the name given to the procedure that identity thieves use to find out your PIN. They either hang around close to the ATM, or wherever you may be entering your PIN. Once they have your PIN, you’re in trouble.

Skimming: Skimming is a method identity thieves use to get your personal information. It’s usually done by an employee of a restaurant, gas station, or any other place where you swipe your card. They have little swiping tools of their own, which they use to quickly swipe your card. A good way to prevent skimming is always swipe your own card.

Smurf Attack: A smurf attack is a type of denial of service (DDoS) attack that causes computer networks to become inoperable by targeting vulnerabilities.

Sniffing: Sniffing in computer terms refers to the act of spying on network traffic between a computer and a website or between two computers.

Social Networks: Those range from Facebook to Twitter. The bad guys surf them to collect photos and data in order to construct identities for themselves. Young people are especially vulnerable since they tend to be trusting on those networks.

Spoofing: Spoofing occurs when someone with malicious intent fools or impersonates a particular device or user on a computer network to steal data.

Spyware: Software that is installed in a computer without the user’s knowledge and collects and transmits information about the user’s computer activities. This can include the ability to collect login and password information.

SSL & TLS Encryption: SSL and TLS Encryption were created to keep your information protected from unwanted eyes while transferring personal information on the web.

Synthetic Identity Theft: With synthetic identity theft, criminals create a new identity by piecing together real and fake information from various sources.

Tabnabbing: Tabnabbing is a specific type of attack where a fake, malicious website will replace a legitimate website already open on a web browser.

Trojan Horse: A Trojan horse is a type of malware that’s disguised as legitimate software. They’re used by hackers to gain access to a user’s computer. Once activated, they can allow the cyber thief to spy on you, steal your data, and gain access to your system.

Tunneling: Tunneling is a process of sending data – typically private communications – from one network to another through a public network.

Two-Factor Authentication: Two-factor authentication is an added layer of protection that requires a password along with a second method of verifying your identity.

Typosquatting: When cyber-criminals target people that type a web address incorrectly and send the them to an alternate website that may or may not mirror the original website searched for.

Vishing: Vishing is a combination of “voice” and “phishing,” an online scam aimed at getting users to hand over their private, sensitive information.

Wardriving: Wardriving is when hackers seek out unsecured Wi-Fi networks to capture private data, in order to steal and use for criminal activity.

Whaling: Whaling is a type of phishing scam that targets high-profile victims such as a CEO, CFO or other executive, typically in a private company.

White Hat Hacker: A white hat hacker is someone who follows the law and the unwritten code of ethics that exists in the computer world.

Leave a Reply

Your email address will not be published.