This is a method for encrypting data. AES can for instance be used to encrypt transmissions inside a WLAN (WPA2) network. This encrypts anything exchanged between the WLAN router and a device connected wirelessly.
American Standard Code for Information Interchange
Character coding containing 95 printable and 33 non-printable characters. The printable characters include the Latin alphabet (A-Z, a-z), the ten Arabic numerals (0-9) as well as some punctuation marks (sentence symbols, word symbols) and other special characters.
The allocation of permissions. Based on permissions, authorisation is granted to access resources (e. g. files, software, payments, etc.) after successful identification and authentication.
Data back-up, where electronic information (data) is copied to an external storage medium (e. g. an external hard drive). Back-ups are generally run at regular intervals.
This is the smallest information unit in electronic data processing, equivalent to a yes/no decision or 0/1 in a digital data record.
This is a standard for wireless communication across small distances. Transmission power is up to 1MBit per second, with a range of up to 100 meters.
These are networks usually consisting of several thousand devices linked with each other after being infected with malware. Illegal botnet operators usually install bots without a device owner’s knowledge on the unit to abuse its resources for their purposes, for instance distributed DDoS attacks, sending out spam mails or mining crypto currencies. Most bots can be monitored via a communication channel by a bot net operator and can receive commands.
A special computer program to display websites on the World Wide Web (WWW) or data and documents in general. The most important browsers used on the Internet are Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari.
Denotes fast buffer memory to be able to provide data quickly (in case of repeated access). In the context of the Internet, browsers will store content of websites visited, so that they don’t have to be re-downloaded during the next visit, and the site can therefore be displayed more quickly.
These are text files generated when retrieving a website and then stored on the visitor’s device. This facilitates the recognition of visitors during future visits. Visitors can for instance be automatically logged in, or items in their shopping cart restored, this way.
Cookies are however also used by advertising networks to record user behaviour and display adverts in a targeted manner.
Internet users can move almost totally anonymously on the darknet. This area of the Internet is used by people who attach high importance to their privacy, or who live inside a repressive political system - but also quite frequently by criminals.
This is a digital seal which creates a unique connection between a natural person and an electronic document (e.g. e-mail), which cannot be manipulated. In accordance with a certain calculation rule, a check sum (hash value) is computed from the document to be signed. The check sum is encrypted using the signatory’s secret key, and then sent to recipients together with the original document. Applying the same calculation rule, they will then create another hash value from the document. Recipients also encrypt the hash value using the public key of senders which has been created by senders to start with. If both hash values are identical, they can assume that the document has arrived on their system unaltered, and that the senders are actually who they purport to be.
Distributed denial of service
A DDoS attack is a distributed attack on a company’s website or server. Many devices (mostly those which are part of a bot net) bombard their target with innumerable requests during such an attack. The result: Due to overload, the attacked website or server relents to the pressure and is no longer available, or only to a limited degree. Blackmail attempts are frequently the reason behind DDoS attacks. If no payment is made, criminals will threaten to repeat the attacks.
This is the name under which a resource (e. g. a website) can be reached. Every domain consists of several parts separated from each other by a full stop. The domain of this website for instance is www.ebas.ch.
Domain Name System
This is an Internet service converting a domain name (e. g. www.ebas.ch) into the associated IP address (184.108.40.206).
This is the term used for a device which becomes infected with malware solely by visiting a website. Websites affected often contain reputable offers and have been compromised beforehand to distribute malware. Simply “surfing” to an affected website is enough to infect a device.
This is a process which makes it possible to check a cryptographic key without having to match the whole key. This can for instance be used to check the authenticity of a certificate upon which a TLS/SSL connection is based. A fingerprint is usually displayed as a hexadecimal character string consisting of the letters A-F and the numbers 0-9.
This is a security system which protects a computer network or an individual device against unwanted network access.
This is a cross reference, for instance to websites, which makes it possible to jump to another electronic document or a different location inside a document when clicked. On the WWW, the target addresses of such jumps could also be other websites.
Presenting yourself under a false identity. In the context of e-banking, this means that a third party logs into a financial institution’s site with someone else’s access data and therefore under someone else’s name. This then gives the third party unlimited account access. For the financial institution, it becomes exceedingly difficult to distinguish whether they are communicating with customers themselves, with an intermediary on their behalf, or with a criminal attacker. Impersonation is used in classic-style phishing attacks and when third party providers access bank accounts.
Internet protocol address
This is an address in computer networks based on the Internet Protocol (IP). It is allocated to devices connected to the Net, and renders devices addressable, and hence reachable.
Non-authorised removal of usage restrictions, in particular with smartphones. With a Jailbreak, special software is used to modify the operating system to obtain access to internal functions and the file system. As a result, the security and stability of your operating system can be severely affected.
This is an object-orientated and platform-independent programming language. To run Java programs, the Java runtime environment will have to be installed on a computer.
Malware logging the keyboard entries of users hoping to capture log-in data, for instance passwords, this way.
This is a local network. Inside such a network, work stations, servers and auxiliary devices are connected to each other across a distance of a few hundred meters, usually inside a building or group of buildings.
This is the process of logging in, for instance to use a device or an online service. This process usually serves to advise the system that a session is about to start now, and that users would like to be connected to one of their user accounts, e. g. their e-banking account.
The term is made up of the terms “malicious” and “software”. Malware is the generic term for software which executes malicious functions on a device (such as viruses, worms, Trojans, ransomware).
With a Man-in-the-Middle attack, malware will intervene into an e-banking session by interposing itself unnoticed between a user’s device and a financial institution’s server, to then take control of data traffic.
This is the individual identification number of a network device (e. g. WLAN connection). This ID is usually set at the factory. It could be compared to a car’s chassis number.
The term Money Mule (and also financial agent) denotes people receiving funds into their own bank account to pass them on abroad against a fee. These funds almost always come from illegal deals. Money mules are generally recruited via lucrative job ads offering fast and high earning potentials. Anyone participating in such “deals” and transactions risks prosecution for aiding and abetting money laundering transactions.
A program run on a device to manage system resources, such as processor, storage media and input and output devices, and which offers these resources to application programs (software). Some well-known operating systems are Windows, macOS, Linux, Android and iOS.
Serves for authentication. This means agreeing on and using a character string for someone, usually a person, to identify themselves and confirming their own identity this way.
A good password should have at least 10 characters and consist of numbers, upper and lower case letters as well as special characters.
This is a program correction which repairs bugs in software. Most patches are offered free-of-charge for download by software manufacturers on their website, or distributed automatically.
Just like classic phishing, pharming belongs to the Man-in-the-Middle group of attacks. With pharming, you will be redirected to a fake website by means of an IP address and domain allocation manipulation.
This term is made up from the words “password” and “fishing”. Attackers use phishing to obtain confidential data from unsuspecting Internet users. These might for instance involve access data for your e-banking facility or account information of online shops. Perpetrators abuse their victims’ good faith and helpfulness by purporting to be, say, an employee of a trustworthy financial institution.
There are a variety of other variations such as Vishing (voice phishing or phone phishing) and QR phishing in addition to classic phishing via e-mail.
This is the provider of access to the Internet, i.e. the organisation or company enabling users to connect their device to the Internet.
Quick Response code
Originally, QR codes were used to mark assemblies and components in the car manufacturing sector. Nowadays, QR codes are also used in the publishing and marketing sectors to link physical objects (products, print media, posters, etc.) with the online world and make additional information available this way. As the contents of QR codes cannot readily be decoded by humans, these codes have to be scanned in first, e. g. using a smartphone.
Users cannot usually see what kind of information is coded into them before scanning in a QR code. If possible, they should therefore use a QR code scanner (app) which displays the decoded contents first and asks them whether they would actually like to visit a link or execute a certain action.
Example QR code by “eBanking – but secure!”
This is malware which encrypts files on a device and any network drives and storage media connected with it (e. g. external hard drives, cloud storage media) and demands a ransom payment.
This is a software aiming to hide certain files, folders, processes or system entries from users and often also from your security software (anti-virus software). A rootkit in itself is not actually “harmful”, but an indication that malware is present on a computer.
This term is made up from the words “scare” and “software”. Based on misleading alert messages pointing to an infection of your device, you are supposed to become so scared and unsettled that you feel actually pressured, for instance into buying a dubious “anti-virus program” (which is then useless).
Contrary to phishing and pharming, session riding does not constitute a Man-in-the-Middle attack. Instead of diverting log-in information via an attacker, with session riding, any communication with a financial institution is manipulated straight on the victim’s device. To manipulate communications this way, malware which has infected a user’s device is to blame.
This is an attack which does not really take place by technical, but by psychological means. It is a wide-spread method of snooping on confidential information. This always targets humans. To obtain such confidential information, it is not only people’s credulity and helpfulness which are being exploited, but also their insecurities. Anything from faked telephone calls to people pretending to be someone else and phishing attacks is possible.
This is the umbrella term for unwanted e-mails which often contain advertising materials. Phishing mails, aiming to steal personal data from the recipient, also count as spam.
This is malware capturing information about a device and user online behaviour without their knowledge, and then passing it on. The recipients of this information can then reconstruct a user’s habits when surfing and online shopping. Such spyware is usually set up when shareware or freeware software is installed on a device, too.
This is a kind of one-off password which is used in addition to a password or PIN. TANs can be generated and displayed to users in different ways - e. g. mobile TANs (mTAN) which is transmitted by financial institutions to users via a SMS, or photo TANs, which are displayed after decrypting a coloured mosaic pattern.
Transmission Control Protocol/Internet Protocol
This is a protocol suite comprising the underlying communication protocols of the Internet. These are also frequently used inside private networks.
Transport Layer Security
This is a hybrid encryption protocol for secure data transmission on the Internet.
Malware disguising itself as something useful or a game, however with completely different objectives in reality. Trojans can for instance capture, change or delete passwords or other confidential data, or transmit them to an attacker.
With so-called two-factor authentification, a second, independent security component is requested in addition to the first security component (generally a password) . This might be a code sent to your mobile phone or generated directly on your device.
An international standard, which lays down a digital code for all meaningful characters or text elements of all known written cultures and character systems for the long term. The purpose is to do away with different and incompatible codings in different countries or cultural areas, Unicode is continuously complemented by additional scripts.
Denotes the address of a website - e. g. https://www.ebas.ch. In contrast to a domain, a Url also comprises the protocol (e. g. https://) and potentially details such as the port (e. g. :80)
Expansion/extension of a system or software. The term “upgrade” was first only used for a hardware-related extension, although it is now (almost) synonymous with “update”. Some software providers differentiate between a free-of-charge update (usually provided to resolve errors, etc.) and a fee-based upgrade (usually also containing some additional features).
This is the name used by users to identify themselves in a system. When logging into a program or service (e. g. when e-banking), you will usually be asked for a user name and password. These will serve to identify authorised users.
Although every user is still aware of this term, there are generally hardly any real (company) viruses in circulation any longer today. A classic (computer) virus infects existing files on a device in the hope that one of them is passed on to another user. If malware does not make any attempt to actively distribute itself, you call it a virus. If malware however is able to also spread automatically, e. g. by e-mail, you call it a worm.
Wi-Fi Protected Access is a method of encryption used for wireless networks (Wi-Fi) which in contrast to WEP provides additional protection via a dynamic key. WPA2 is the successor of WPA, although vulnerabilities are still known for both WPA and WPA2. Because of various attacks on the WPA and WPA2 process, it is preferable to use their successor WPA3.
The WWW was developed by the European Research Centre for Nuclear Physics (CERN) in Lausanne (Switzerland) as a hypermedia system for the Internet in 1993. The other agency involved in this development was the NCSA (National Center for Supercomputing Applications, University of Illinois, USA). By now, the WWW Consortium (W3C) is developing the WWW further.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
Other external services
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds: