Glos­sary

This is a method for encrypting data. AES can for instance be used to encrypt trans­mis­sions inside a WLAN (WPA2, WPA3) net­work. This encrypts any­thing exchanged between the WLAN router and a device con­nected wirelessly.

See also: Wi-Fi Pro­tected Access, Wire­less Local Area Net­work (WLAN)

This is made up from the words “adver­tise­ment” and “soft­ware” and denotes pro­grams which show users ads while the actual pro­gram is run­ning, or install addi­tional soft­ware to dis­play ads.

See also: Mal­ware

Char­acter coding con­taining 95 print­able and 33 non-print­able char­ac­ters. The print­able char­ac­ters include the Latin alphabet (A-Z, a-z), the ten Arabic numerals (0-9) as well as some punc­tu­a­tion marks (sen­tence sym­bols, word sym­bols) and other spe­cial characters.

See also: Uni­code

This is a process where the pur­ported iden­tity of a person or device is checked based on one or sev­eral spe­cific char­ac­ter­is­tics (e. g. pass­word, chip card or finger print).

See also: Two-factor authen­tifi­ca­tion (2FA), Autho­ri­sa­tion

The allo­ca­tion of per­mis­sions. Based on per­mis­sions, autho­ri­sa­tion is granted to access resources (e. g. files, soft­ware, pay­ments, etc.) after suc­cessful iden­ti­fi­ca­tion and authentication.

See also: Authen­tifi­ca­tion

A “back door” in rela­tion to soft­ware usu­ally denotes non-doc­u­mented access which allows man­u­fac­turers (or third par­ties) to access users’ soft­ware or data from the outside.

See also: Mal­ware

Data back-up, where elec­tronic infor­ma­tion (data) is copied to an external storage medium (e. g. an external hard drive). Back-ups are gen­er­ally run at reg­ular intervals.

This is the smallest infor­ma­tion unit in elec­tronic data pro­cessing, equiv­a­lent to a yes/no deci­sion or 0/1 in a dig­ital data record.

A series of inter­con­nected blocks of infor­ma­tion secured by cryp­to­graphic means. The best-known Blockchain appli­ca­tion is Bit­coin, with Blockchain pro­viding the manip­u­la­tion-proof account book with all transactions.

See also: Cryp­tocur­rency

This is a stan­dard for wire­less com­mu­ni­ca­tion across small dis­tances. Trans­mis­sion power is up to 1MBit per second, with a range of up to 100 meters.

These are net­works usu­ally con­sisting of sev­eral thou­sand devices linked with each other after being infected with mal­ware. Illegal botnet oper­a­tors usu­ally install bots without a device owner’s knowl­edge on the unit to abuse its resources for their pur­poses, for instance dis­trib­uted DDoS attacks, sending out spam mails or mining crypto cur­ren­cies. Most bots can be mon­i­tored via a com­mu­ni­ca­tion channel by a bot net oper­ator and can receive commands.

See also: Dis­trib­uted denial of ser­vice (DDoS), Cryp­tocur­rency, Mal­ware

A spe­cial com­puter pro­gram to dis­play web­sites on the World Wide Web (WWW) or data and doc­u­ments in gen­eral. The most impor­tant browsers used on the Internet are Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari.

See also: World Wide Web (WWW)

Denotes fast buffer memory to be able to pro­vide data quickly (in case of repeated access).  In the con­text of the Internet, browsers will store con­tent of web­sites vis­ited, so that they don’t have to be re-down­loaded during the next visit, and the site can there­fore be dis­played more quickly.

These are text files gen­er­ated when retrieving a web­site and then stored on the visitor’s device. This facil­i­tates the recog­ni­tion of vis­i­tors during future visits. Vis­i­tors can for instance be auto­mat­i­cally logged in, or items in their shop­ping cart restored, this way.

Cookies are how­ever also used by adver­tising net­works to record user behav­iour and dis­play adverts in a tar­geted manner.

During the process of crypto mining, the units (coins) of a cryp­tocur­rency (e. g. Bit­coin) are gen­er­ated and new trans­ac­tions ver­i­fied. Since cryp­tocur­ren­cies are gen­er­ally not issued by a super­or­di­nate insti­tu­tion, so-called crypto miners are needed to record, verify and reg­ister all transactions

See also: Cryp­tocur­rency

Cryp­tocur­ren­cies are stored dig­i­tally in so-called wal­lets, pro­tected by access codes.

See also: Cryp­tocur­rency

Cryp­tocur­ren­cies are dig­ital means of exchange/payment or assets using cryp­to­graphic tech­niques to ensure a pay­ment system is secure. When sys­tems are being paral­ysed by mal­ware, cyber-crim­i­nals usu­ally demand a cryp­tocur­rency pay­ment (e. g. bit­coins) to make tracing impossible.

The sci­ence of encryp­tion for the pur­pose of secretly trans­mit­ting and storing information.

Internet users can move almost totally anony­mously on the darknet. This area of the Internet is used by people who attach high impor­tance to their pri­vacy, or who live inside a repres­sive polit­ical system - but also quite fre­quently by criminals.

This is a dig­ital seal which cre­ates a unique con­nec­tion between a nat­ural person and an elec­tronic doc­u­ment (e.g. e-mail), which cannot be manip­u­lated. In accor­dance with a cer­tain cal­cu­la­tion rule, a check sum (hash value) is com­puted from the doc­u­ment to be signed. The check sum is encrypted using the signatory’s secret key, and then sent to recip­i­ents together with the orig­inal doc­u­ment. Applying the same cal­cu­la­tion rule, they will then create another hash value from the doc­u­ment. Recip­i­ents also encrypt the hash value using the public key of senders which has been cre­ated by senders to start with. If both hash values are iden­tical, they can assume that the doc­u­ment has arrived on their system unal­tered, and that the senders are actu­ally who they pur­port to be.

A DDoS attack is a dis­trib­uted attack on a company’s web­site or server. Many devices (mostly those which are part of a bot net) bom­bard their target with innu­mer­able requests during such an attack. The result: Due to over­load, the attacked web­site or server relents to the pres­sure and is no longer avail­able, or only to a lim­ited degree. Black­mail attempts are fre­quently the reason behind DDoS attacks. If no pay­ment is made, crim­i­nals will threaten to repeat the attacks.

See also: Botnet

This is the name under which a resource (e. g. a web­site) can be reached. Every domain (name) con­sists of sev­eral parts sep­a­rated from each other by a full stop. The domain of this web­site for instance is www.ebas.ch.

This is an Internet ser­vice con­verting a domain name (e. g. www.ebas.ch) into the asso­ci­ated IP address (217.26.54.120).

This is the term used for a device which becomes infected with mal­ware solely by vis­iting a web­site. Web­sites affected often con­tain rep­utable offers and have been com­pro­mised before­hand to dis­tribute mal­ware. Simply “surfing” to an affected web­site is enough to infect a device.

See also: Mal­ware

The term dropper (mal­ware) denotes a small pro­gram with the single aim of exe­cuting (usu­ally more exten­sive) mal­ware pro­grams on a system.

A down­loader is a dropper which down­loads more mal­ware from the Internet.

See also: Mal­ware

An exploit is a term denom­i­nating mali­cious soft­ware which specif­i­cally exploits a cer­tain vul­ner­a­bility to com­pro­mise a system.

This is a process which makes it pos­sible to check a cryp­to­graphic key without having to match the whole key. This can for instance be used to check the authen­ticity of a cer­tifi­cate upon which a TLS/SSL con­nec­tion is based. A fin­ger­print is usu­ally dis­played as a hexa­dec­imal char­acter string con­sisting of the let­ters A-F and the num­bers 0-9.

This is a secu­rity system which pro­tects a com­puter net­work or an indi­vidual device against unwanted net­work access.

This is a cross ref­er­ence, for instance to web­sites, which makes it pos­sible to jump to another elec­tronic doc­u­ment or a dif­ferent loca­tion inside a doc­u­ment when clicked. On the WWW, the target addresses of such jumps could also be other websites.

Pre­senting your­self under a false iden­tity. In the con­text of e-banking, this means that a third party logs into a finan­cial institution’s site with someone else’s access data and there­fore under someone else’s name. This then gives the third party unlim­ited account access. For the finan­cial insti­tu­tion, it becomes exceed­ingly dif­fi­cult to dis­tin­guish whether they are com­mu­ni­cating with cus­tomers them­selves, with an inter­me­diary on their behalf, or with a crim­inal attacker. Imper­son­ation is used in classic-style phishing attacks and when third party providers access bank accounts.

Col­lec­tive term for tech­nolo­gies facil­i­tating the con­nec­tion of phys­ical or vir­tual objects in a net­work to allow them to com­mu­ni­cate with each other. Such devices are gen­er­ally fitted with sen­sors to record infor­ma­tion from their envi­ron­ment, and embedded soft­ware to link and exchange data with other devices and sys­tems. Some typ­ical exam­ples are home con­trol (heating), health mon­i­toring (sports watches) or envi­ron­mental mon­i­toring (weather stations).

This is an address in com­puter net­works based on the Internet Pro­tocol (IP). It is allo­cated to devices con­nected to the Net, and ren­ders devices address­able, and hence reachable.

See also: Trans­mis­sion Con­trol Protocol/Internet Pro­tocol (TCP/IP), Domain Name System (DNS)

Non-autho­rised removal of usage restric­tions, in par­tic­ular with smart­phones. With a Jail­break, spe­cial soft­ware is used to modify the oper­ating system to obtain access to internal func­tions and the file system. As a result, the secu­rity and sta­bility of your oper­ating system can be severely affected.

This is an object-ori­en­tated and plat­form-inde­pen­dent pro­gram­ming lan­guage. To run Java pro­grams, the Java run­time envi­ron­ment will have to be installed on a computer.

This is a script lan­guage for the dynamic design of web­sites. JavaScript makes it pos­sible to change or reload con­tent, so that search sug­ges­tions for instance can already be dis­played while inputting a term.

Mal­ware log­ging the key­board entries of users hoping to cap­ture log-in data, for instance pass­words, this way.

See also: Mal­ware

This is a local net­work. Inside such a net­work, work sta­tions, servers and aux­il­iary devices are con­nected to each other across a dis­tance of up to a few hun­dred meters, usu­ally inside a building or group of buildings.

See also: Wire­less Local Area Net­work (WLAN)

This is the process of log­ging in, for instance to use a device or an online ser­vice. This process usu­ally serves to advise the system that a ses­sion is about to start now, and that users would like to be con­nected to one of their user accounts, e. g. their e-banking account.

See also: Log­ging out, Authen­tifi­ca­tion

This is when users log out of sys­tems. Users instruct the system to ter­mi­nate the cur­rent ses­sion this way.

See also: Log­ging in

Some pro­grams (for instance Microsoft Office, Adobe Acrobat) allow users to auto­mate cer­tain actions using small pro­grams – so-called macros, actions or scripts. How­ever, attackers also like to abuse these to embed mali­cious code (mal­ware) in seem­ingly innocuous-looking documents.

See also: Mal­ware

The term is made up of the terms “mali­cious” and “soft­ware”. Mal­ware is the generic term for soft­ware which exe­cutes mali­cious func­tions on a device (such as viruses, worms, Tro­jans, ransomware).

See also: Adware, Back door, Botnet, Drive-By Down­load, Key log­gers, Ran­somware, Rootkit, Scare­ware, Ses­sion Riding, Spy­ware, Trojan Horse, Virus, Worm

With a Man-in-the-Middle attack, a third party or a mal­ware will inter­vene into an e-banking ses­sion by inter­posing itself unno­ticed between a user’s device and a finan­cial institution’s server, to then take con­trol of data traffic.

See also: Phishing, Pharming

This is the indi­vidual iden­ti­fi­ca­tion number of a net­work device (e. g. WLAN con­nec­tion). This ID is usu­ally set at the fac­tory. It could be com­pared to a car’s chassis number.

The term Money Mule (and also finan­cial agent) denotes people receiving funds into their own bank account to pass them on abroad against a fee. These funds almost always come from illegal deals. Money mules are gen­er­ally recruited via lucra­tive job ads offering fast and high earning poten­tials. Anyone par­tic­i­pating in such “deals” and trans­ac­tions risks pros­e­cu­tion for aiding and abet­ting money laun­dering transactions.

The National Cyber Secu­rity Centre (NCSC) is the com­pe­tence centre of the Bund für Cyber­sicher­heit (the Cyber Secu­rity Fed­er­a­tion) and hence the first port of call for busi­nesses, admin­is­tra­tion, edu­ca­tional insti­tu­tions and the pop­u­la­tion for any ques­tions involving cyber security.

Internet banks offer their prod­ucts exclu­sively via the Internet. Internet banks have no phys­ical branches, keeping their fees for the prod­ucts on offer rel­a­tively low. Due to the lim­ited points of con­tact avail­able, the level of sup­port offered can be dras­ti­cally dif­ferent from those of tra­di­tional finan­cial institutions.

A pro­gram run on a device to manage system resources, such as processor, storage media and input and output devices, and which offers these resources to appli­ca­tion pro­grams (soft­ware). Some well-known oper­ating sys­tems are Win­dows, macOS, Linux, Android and iOS.

Serves for authen­ti­ca­tion. This means agreeing on and using a char­acter string for someone, usu­ally a person, to iden­tify them­selves and con­firming their own iden­tity this way.

A good pass­word should have at least 12 char­ac­ters and con­sist of num­bers, upper and lower case let­ters as well as spe­cial characters.

See also: Authen­tifi­ca­tion

This is a pro­gram cor­rec­tion which repairs bugs in soft­ware. Most patches are offered free-of-charge for down­load by soft­ware man­u­fac­turers on their web­site, or dis­trib­uted automatically.

See also: Upgrade

Just like classic phishing, pharming belongs to the Man-in-the-Middle group of attacks. With pharming, you will be redi­rected to a fake web­site by means of an IP address and domain allo­ca­tion manipulation.

See also: Man-in-the-Middle (MitM)

This term is made up from the words “pass­word” and “fishing”. Attackers use phishing to obtain con­fi­den­tial data from unsus­pecting Internet users. These might for instance involve access data for your e-banking facility or account infor­ma­tion of online shops. Per­pe­tra­tors abuse their vic­tims’ good faith and help­ful­ness by pur­porting to be, say, an employee of a trust­worthy finan­cial institution.

There are a variety of other vari­a­tions such as Vishing (voice phishing or phone phishing), Smishing (SMS / text phishing) and QR phishing in addi­tion to classic phishing via e-mail.

See also: Man-in-the-Middle (MitM)

This is the provider of access to the Internet, i.e. the organ­i­sa­tion or com­pany enabling users to con­nect their device to the Internet.

Orig­i­nally, QR codes were used to mark assem­blies and com­po­nents in the car man­u­fac­turing sector. Nowa­days, QR codes are also used for invoices (QR invoices) as well as in the pub­lishing and mar­keting sec­tors to link phys­ical objects (prod­ucts, print media, posters, etc.) with the online world and make addi­tional infor­ma­tion avail­able this way. As the con­tents of QR codes cannot readily be decoded by humans, these codes have to be scanned in first, e. g. using a smartphone.

Users cannot usu­ally see what kind of infor­ma­tion is coded into them before scan­ning in a QR code. If pos­sible, they should there­fore use a QR code scanner (app) which dis­plays the decoded con­tents first and asks them whether they would actu­ally like to visit a link or exe­cute a cer­tain action.

Example QR code by “eBanking – but secure!”

This is mal­ware which encrypts files on a device and any net­work drives and storage media con­nected with it (e. g. external hard drives, cloud storage media) and demands a ransom payment.

See also: Mal­ware

Appli­ca­tions enabling users to operate com­puter sys­tems remotely. Pri­marily, this serves to transmit mon­itor dis­plays, key­strokes and mouse move­ments across longer dis­tances between a system and its users.

This is a soft­ware aiming to hide cer­tain files, folders, processes or system entries from users and often also from your secu­rity soft­ware (anti-virus soft­ware). A rootkit in itself is not actu­ally “harmful”, but an indi­ca­tion that mal­ware is present on a computer.

See also: Mal­ware

This term is made up from the words “scare” and “soft­ware”. Based on mis­leading alert mes­sages pointing e. g. to an infec­tion of your device, you are sup­posed to become so scared and unset­tled that you feel actu­ally pres­sured, for instance into buying a dubious “anti-virus pro­gram” (which is then useless).

See also: Mal­ware

This is the descrip­tion of the pre­de­cessor of Trans­port Layer Secu­rity (TLS).

See also: Trans­port Layer Secu­rity (TLS)

A secu­rity gap is a term denom­i­nating a vul­ner­a­bility found in any hard­ware or soft­ware which could trigger unex­pected, unwanted system behav­iour under cer­tain conditions.

See also: Vul­ner­a­bility

This is the name of a WLAN.

See also: Wire­less Local Area Net­work (WLAN)

Con­trary to phishing and pharming, ses­sion riding does not con­sti­tute a Man-in-the-Middle attack. Instead of diverting log-in infor­ma­tion via an attacker, with ses­sion riding, any com­mu­ni­ca­tion with a finan­cial insti­tu­tion is manip­u­lated straight on the victim’s device. To manip­u­late com­mu­ni­ca­tions this way, mal­ware which has infected a user’s device is to blame.

See also: Mal­ware

This is an attack which does not really take place by tech­nical, but by psy­cho­log­ical means. It is a wide-spread method of snooping on con­fi­den­tial infor­ma­tion. This always tar­gets humans. To obtain such con­fi­den­tial infor­ma­tion, it is not only people’s credulity and help­ful­ness which are being exploited, but also their inse­cu­ri­ties. Any­thing from faked tele­phone calls to people pre­tending to be someone else and phishing attacks is possible.

This is the umbrella term for unwanted e-mails which often con­tain adver­tising mate­rials. Phishing mails, aiming to steal per­sonal data from the recip­ient, also count as spam.

See also: Spam filter

Fil­ters unwanted spam e-mails from your inbox.

See also: Spam

This is mal­ware cap­turing infor­ma­tion about a device and user online behav­iour without their knowl­edge, and then passing it on. The recip­i­ents of this infor­ma­tion can then recon­struct a user’s habits when surfing and online shop­ping. Such spy­ware is usu­ally set up when share­ware or free­ware soft­ware is installed on a device, too.

See also: Mal­ware

This is a kind of one-off pass­word which is used in addi­tion to a pass­word or PIN. TANs can be gen­er­ated and dis­played to users in dif­ferent ways - e. g. mobile TANs (mTAN) which is trans­mitted by finan­cial insti­tu­tions to users via a SMS, or photo TANs, which are dis­played after decrypting a coloured mosaic pattern.

This is a pro­tocol suite com­prising the under­lying com­mu­ni­ca­tion pro­to­cols of the Internet.  These are also fre­quently used inside pri­vate networks.

This is a hybrid encryp­tion pro­tocol for secure data trans­mis­sion on the Internet.

See also: Secure Sockets Layer (SSL)

Mal­ware dis­guising itself as some­thing useful or a game, how­ever with com­pletely dif­ferent objec­tives in reality. Tro­jans can for instance cap­ture, change or delete pass­words or other con­fi­den­tial data, or transmit them to an attacker.

See also: Mal­ware

With so-called two-factor authen­tifi­ca­tion, a second, inde­pen­dent secu­rity com­po­nent is requested in addi­tion to the first secu­rity com­po­nent (gen­er­ally a pass­word) . This might be a code sent to your mobile phone or gen­er­ated directly on your device.

See also: Log­ging in, Authen­tifi­ca­tion

An inter­na­tional stan­dard, which lays down a dig­ital code for all mean­ingful char­ac­ters or text ele­ments of all known written cul­tures and char­acter sys­tems for the long term. The pur­pose is to do away with dif­ferent and incom­pat­ible cod­ings in dif­ferent coun­tries or cul­tural areas, Uni­code is con­tin­u­ously com­ple­mented by addi­tional scripts.

See also: Amer­ican Stan­dard Code for Infor­ma­tion Inter­change (ASCII)

Denotes the address of a web­site - e. g. https://www.ebas.ch. In con­trast to a domain, a Url also com­prises the pro­tocol (e. g. https://) and poten­tially details such as the port (e. g. :80)

See also: Domain (Domain name)

pro­gram actu­al­i­sa­tion which often also repairs bugs in soft­ware. Most updates are offered free-of-charge for down­load by soft­ware man­u­fac­turers on their web­site, or dis­trib­uted automatically.

See also: Patch, Upgrade

Expansion/extension of a system or soft­ware. The term “upgrade” was first only used for a hard­ware-related exten­sion, although it is now (almost) syn­ony­mous with “update”. Some soft­ware providers dif­fer­en­tiate between a free-of-charge update (usu­ally pro­vided to resolve errors, etc.) and a fee-based upgrade (usu­ally also con­taining some addi­tional features).

See also: Patch

This is the name used by users to iden­tify them­selves in a system. When log­ging into a pro­gram or ser­vice (e. g. when e-banking), you will usu­ally be asked for a user name and pass­word. These will serve to iden­tify autho­rised users.

See also: Authen­tifi­ca­tion, Log­ging in

Des­ig­nates a vir­tual pri­vate (self-con­tained) com­mu­ni­ca­tions net­work. VPNs are gen­er­ally used to con­nect a device via an existing (unse­cured) net­work, for instance the Internet, to another (secured) one, for instance a com­pany net­work, in a safe manner. In the process, con­tent is pro­tected by way of encryp­tion (end to end encryp­tion) during transmission.

Although every user is still aware of this term, there are gen­er­ally hardly any real (com­pany) viruses in cir­cu­la­tion any longer today. A classic (com­puter) virus infects existing files on a device in the hope that one of them is passed on to another user. If mal­ware does not make any attempt to actively dis­tribute itself, you call it a virus. If mal­ware how­ever is able to also spread auto­mat­i­cally, e. g. by e-mail, you call it a worm.

See also: Mal­ware, Worm

A vul­ner­a­bility is a term denom­i­nating a vul­ner­a­bility found in any hard­ware or soft­ware which could trigger unex­pected, unwanted system behav­iour under cer­tain conditions.

Wi-Fi Pro­tected Access is a method of encryp­tion used for wire­less net­works (Wi-Fi) which in con­trast to WEP pro­vides addi­tional pro­tec­tion via a dynamic key. WPA2 is the suc­cessor of WPA, although vul­ner­a­bil­i­ties are still known for both WPA and WPA2. Because of var­ious attacks on the WPA and WPA2 process, it is prefer­able to use their suc­cessor WPA3.

See also: Advanced Encryp­tion Stan­dard (AES), Wire­less Local Area Net­work (WLAN)

This is a cable-free, local net­work or a wire­less net­work. This can also be called Wi-Fi.

See also: Advanced Encryp­tion Stan­dard (AES), Local Area Net­work (LAN), Ser­vice Set Iden­ti­fier (SSID), Wi-Fi Pro­tected Access

The WWW was devel­oped by the Euro­pean Research Centre for Nuclear Physics (CERN) in Lau­sanne (Switzer­land) as a hyper­media system for the Internet in 1993. The other agency involved in this devel­op­ment was the NCSA (National Center for Super­com­puting Appli­ca­tions, Uni­ver­sity of Illi­nois, USA). By now, the WWW Con­sor­tium (W3C) is devel­oping the WWW further.

See also: Browser

Worms, just like viruses, are no longer such a wide­spread type of mal­ware today. A worm is a small pro­gram which dis­trib­utes copies by itself, e. g. via e-mail, SMS or via a vulnerability.

See also: Mal­ware, Virus