Key terms and concepts related to scams, phishing, and security incidents. This glossary is maintained as part of the ScamWard repository to support awareness and education.
Term: Phishing
Definition: A fraudulent attempt to obtain sensitive information (login credentials, credit card data) by pretending to be a trustworthy entity, usually via email or fake websites.
Why it matters: Still the most common initial attack vector in breaches. User awareness is the first line of defense.
Term: Smishing (SMS phishing)
Definition: Phishing attempts conducted via SMS text messages.
Why it matters: A growing attack type, because users increasingly trust mobile messages. Often used for fake delivery notices or bank alerts.
Term: Social engineering
Definition: The use of psychological manipulation to trick individuals into divulging confidential information or performing actions that compromise security.
Why it matters: Exploits human behavior rather than technical flaws, so it is much harder to patch than software and requires awareness training.
Term: Silent patching
Definition: When a vendor updates or changes a product to remediate a bug, vulnerability, or unintended behavior without officially acknowledging that an incident occurred.
Why it matters: Protects the vendor's reputation but reduces transparency. SOC analysts should always compare vendor statements with the changes they actually observe.
Term: Incident report
Definition: A structured record of a suspected or confirmed security or privacy event, including its timeline, impact, and resolution.
Why it matters: Provides accountability, supports learning from the event, and can serve as evidence for audits or regulatory inquiries.
Term: Zero-day vulnerability
Definition: A vulnerability in software or hardware that is unknown to the vendor, so no patch or protection exists yet: the vendor has had "zero days" to respond.
Why it matters: Highly valuable to attackers. Disclosure and patch management processes are critical.
Term: Triage
Definition: The process of quickly assessing incoming alerts or incidents to determine their severity, scope, and priority.
Why it matters: SOC analysts face alert overload; triage ensures that analyst time is spent on real threats.
Term: Indicator of compromise (IOC)
Definition: A piece of forensic data (IP address, domain, file hash, registry key, etc.) that indicates a system may have been breached.
Why it matters: Helps analysts detect, investigate, and block malicious activity.
Term: False positive
Definition: An alert that suggests malicious activity but is actually benign.
Why it matters: Too many false positives waste analyst time and can hide real threats in the noise.
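As an added example (not part of the ScamWard glossary or its code), the following Python script ties the triage, IOC, and false positive entries together: it matches constructed log lines against a constructed IOC feed, suppresses an allowlisted indicator that is a known false positive, and assigns a triage priority to what remains. All feed values, hostnames, and log lines are made up and use reserved documentation address ranges and example domains.

```python
import re
from dataclasses import dataclass

# Constructed IOC feed (reserved documentation values, not real indicators).
IOCS = {
    "ip": {"203.0.113.42", "198.51.100.7"},
    "domain": {"login-verify.example"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}
# Constructed allowlist: an IOC known to hit benign traffic in this environment
# (a shared CDN address that also appeared in a feed). The reason is kept for the audit trail.
ALLOWLIST = {"198.51.100.7": "shared CDN address, confirmed benign 2024-04-30"}

PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"https?://([A-Za-z0-9.-]+)"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
}

@dataclass
class Hit:
    line_no: int
    host: str
    matched: list   # (ioc_type, value) pairs that drove the verdict
    verdict: str    # "alert" or "suppressed" (known false positive)
    priority: str   # triage priority for alerts, "n/a" when suppressed

def match_iocs(lines):
    """Scan log lines for IOC values, suppress allowlisted ones, assign a triage priority."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = [(t, v) for t, pat in PATTERNS.items() for v in pat.findall(line) if v in IOCS[t]]
        if not found:
            continue
        host = re.search(r"host=(\S+)", line).group(1)
        live = [(t, v) for t, v in found if v not in ALLOWLIST]
        if not live:  # every match is a known false positive: record it, do not page anyone
            hits.append(Hit(n, host, found, "suppressed", "n/a"))
            continue
        # Two independent indicator types on one line is stronger evidence than one.
        priority = "high" if len({t for t, _ in live}) > 1 else "medium"
        hits.append(Hit(n, host, live, "alert", priority))
    return hits

SAMPLE_LOG = [  # constructed log lines
    "2024-05-01T10:00:01Z proxy host=wks-01 dst=203.0.113.42 url=http://login-verify.example/reset",
    "2024-05-01T10:00:05Z proxy host=wks-02 dst=198.51.100.7 url=http://cdn.example.net/lib.js",
    "2024-05-01T10:01:00Z edr host=wks-03 file=invoice.pdf sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:02:00Z proxy host=wks-04 dst=192.0.2.10 url=http://intranet.example/",
]
```

Running `match_iocs(SAMPLE_LOG)` yields a high-priority alert for line 1 (IP and domain hits together), a suppressed hit for line 2, and a medium-priority alert for line 3.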
This glossary will be expanded as new cases and concepts are documented.