Phishing noun
Fraudulent attempt to obtain sensitive information (passwords, credit card details) by posing as a trustworthy entity in electronic communication.
An email claiming to be from PayPal urges you to “verify your account” via a link that leads to a fake login page – your credentials are stolen.
Spear Phishing noun
Targeted phishing attack against a specific individual or organization, using personal details to appear legitimate.
A freelancer receives an email referencing their actual Upwork profile, asking them to “update payment info” – it’s a trap.
Whaling noun
Phishing attacks aimed at high‑profile targets like executives or celebrities.
A fake email to the CFO, supposedly from the CEO, requests an urgent $50,000 wire transfer to a “new vendor.”
Smishing / Vishing noun
Phishing via SMS (smishing) or voice calls (vishing).
A text message claims your bank account is locked and provides a phone number – the caller then asks for your OTP.
Quishing noun
Phishing using malicious QR codes that direct victims to fake login pages.
A fake parking ticket has a QR code to “pay fine” – scanning leads to a site that steals credit card details.
Clone Phishing noun
A legitimate email is copied, but links or attachments are replaced with malicious ones.
You receive a genuine‑looking Amazon order confirmation, but the “tracking” link downloads malware.
Man-in-the-Middle (MitM) noun
Attack where the attacker secretly intercepts and possibly alters communication between two parties.
On public Wi‑Fi, an attacker intercepts your login to a crypto exchange, stealing credentials.
SIM Swap noun
Fraud where an attacker convinces a mobile carrier to transfer the victim's phone number to a SIM card they control, bypassing SMS 2FA.
After a SIM swap, the attacker resets your exchange password via SMS and drains your account.
Identity Theft noun
Fraudulent acquisition and use of a person's private identifying information, usually for financial gain.
A criminal uses your stolen SSN to open credit cards and loans in your name.
Synthetic Identity noun
A fake identity created by combining real and fabricated information (e.g., real SSN with fake name).
Fraudsters use a child’s unused SSN combined with a fake address to build credit and take loans.
Account Takeover (ATO) noun
When a criminal gains unauthorized access to a user's account, often via credential stuffing or phishing.
A hacker gains access to your Amazon account and orders gift cards before you notice.
Credential Stuffing noun
Automated injection of stolen username/password pairs to gain unauthorized access to accounts.
Using credentials leaked from a data breach, attackers try them on dozens of sites (PayPal, Coinbase) hoping you reused passwords.
Brute Force Attack noun
Trial‑and‑error method to guess passwords by trying many combinations.
A script tries millions of common passwords against your email account until it finds a match.
Social Engineering noun
Psychological manipulation of people into divulging confidential information or performing actions.
An attacker calls pretending to be IT support, convincing you to reveal your password to “fix” an issue.
Pretexting noun
A form of social engineering where the attacker creates a fabricated scenario (pretext) to steal information.
Someone posing as a bank employee says they need to “verify your recent transaction” and asks for your OTP.
Baiting noun
Leaving malware‑infected physical devices (like USB drives) where victims will find them, or luring victims with enticing online offers.
A “free movie download” link actually installs ransomware that encrypts your files.
Pig Butchering noun
A long‑term investment scam where fraudsters build trust with victims (often via dating apps) before convincing them to invest in fake crypto platforms, then vanish.
A Tinder match chats for weeks, then introduces you to a “crypto trading platform” where you initially profit, but when you invest $50k, you can't withdraw.
Romance Scam noun
Fraud where criminals create fake online personas to build romantic relationships and then ask for money.
Someone you met on a dating site claims an emergency and needs $2,000 for a plane ticket – after you send it, they disappear.
Advance Fee Fraud noun
A victim is promised a large sum of money in return for a small upfront payment, which is then stolen.
“I am a prince needing to transfer $10M out of my country – send $1,000 to cover fees and you'll get $1M.”
Lottery Scam noun
Notification that you've won a lottery or inheritance, but must pay taxes or fees upfront to receive it.
“Congratulations! You won €2M in the Spanish Lottery. Pay €2,500 processing fee to release funds.”
Tech Support Scam noun
Fraudsters pose as technical support (Microsoft, Apple) to gain remote access to your computer or sell unnecessary services.
A pop‑up says “Virus detected! Call Microsoft immediately.” The fake tech asks for your credit card to “fix” the non‑existent issue.
Refund Scam noun
A scammer claims you were overcharged and asks for remote access to your computer to “process a refund,” then steals money.
You get a call from “Amazon” saying a $500 refund was issued by mistake; to reverse it, they need access to your bank account.
Recovery Scam noun
A second scam targeting previous scam victims, promising to recover lost funds for an upfront fee.
After losing $10k in a pig butchering scam, you're contacted by a “crypto recovery specialist” who charges $2k upfront – then disappears.
Ponzi Scheme noun
A fraudulent investment where returns are paid to earlier investors using new investors' money, not legitimate profits.
A “high‑yield investment program” promises 20% monthly returns; early investors are paid from new deposits until it collapses.
Pyramid Scheme noun
A non‑sustainable business model where participants earn primarily by recruiting others, not by selling products.
You pay $1,000 to join and earn commissions only by recruiting new members; eventually the pyramid collapses.
Pump and Dump noun
Inflating the price of a stock or crypto through false/misleading statements, then selling at the peak.
A group hypes a low‑cap coin on Telegram, driving price up 500%, then founders sell, crashing the price.
Wash Trading noun
Illegal practice of simultaneously buying and selling the same asset to create misleading volume and attract investors.
A crypto exchange might trade against itself to inflate reported volume and appear more liquid.
Rug Pull noun
A crypto scam where developers create a seemingly legitimate token, attract liquidity, then suddenly withdraw all funds.
A new DeFi token “SquidGame” surges 100,000%, but when investors try to sell, they can't – the devs removed liquidity.
Exit Scam noun
When a business or platform suddenly closes and operators disappear with customer funds.
A crypto exchange that held $1B in user funds suddenly goes offline, and the founders are never seen again.
Honeypot (crypto) noun
A smart contract that appears to have a vulnerability but traps anyone trying to exploit it, often stealing their funds.
A token contract lets you buy but has a hidden restriction preventing any sale – your money is trapped.
Flash Loan Attack noun
Exploiting a DeFi protocol using uncollateralized flash loans to manipulate prices and drain funds.
An attacker borrows $1B, manipulates a DEX price, drains a lending protocol, and repays the loan – all in one block, netting millions.
Oracle Manipulation noun
Attacking a DeFi protocol by manipulating the price feed an oracle provides, causing erroneous liquidations or theft.
A hacker temporarily pumps a low‑liquidity token’s price on a DEX, tricking a lending protocol's oracle into allowing over‑collateralized loans.
MEV Exploit / Sandwich Attack noun
A validator or bot places transactions before and after a user's trade to profit from price movement.
You try to buy $10k of token X; a bot sees your transaction, buys first (driving price up), then sells after your purchase, profiting at your expense.
Front-Running noun
Illegal practice of executing orders on a security or asset based on advance knowledge of pending transactions.
A broker sees a client's large buy order and buys for themselves first, then sells after the price rises.
Approval Phishing / Ice Phishing noun
Tricking users into signing a malicious smart contract approval that gives attackers access to their tokens.
A fake NFT mint site asks you to “approve” a transaction; approving gives the scammer unlimited spending of your USDC.
Dusting Attack noun
Sending tiny amounts of crypto to many wallets to de‑anonymize them by clustering addresses.
You find 0.000001 BTC in your wallet from an unknown address – it's a dusting attack to trace your other wallets.
Sybil Attack noun
Creating many fake identities/nodes to subvert a peer‑to‑peer network's reputation system.
An attacker creates 1000 fake reviews for a scam product on Amazon, boosting its rating.
Eclipse Attack noun
Monopolizing a node's connections to isolate it from the real network, often to feed false information.
An attacker surrounds a miner's node with fake peers, feeding it a false blockchain, causing double‑spend.
Reentrancy Attack noun
Exploit where a smart contract calls an untrusted external contract, which then recursively calls back to drain funds.
The 2016 DAO hack used reentrancy to drain millions of ETH before state updates could prevent it.
Infinite Approval noun
Giving a smart contract permission to spend an unlimited amount of a token, which attackers can abuse if the contract is compromised.
You approve Uniswap to spend unlimited USDT; a bug in Uniswap could let an attacker drain your entire USDT balance.
Clipboard Hijacker noun
Malware that monitors the clipboard and replaces copied cryptocurrency addresses with the attacker's address.
You copy a BTC address to send $5,000, but the malware replaces it with the scammer's address – funds go to them.
Keylogger noun
Malware that records every keystroke to capture passwords, credit card numbers, and other sensitive data.
A keylogger installed via a phishing email sends your typed exchange passwords to the attacker.
Ransomware noun
Malware that encrypts files and demands payment (usually crypto) for the decryption key.
A hospital's patient records are encrypted; attackers demand 10 BTC to restore access.
Trojan noun
Malicious software disguised as legitimate software; once installed, it can steal data or provide backdoor access.
A cracked version of Photoshop you downloaded contains a Trojan that steals your saved passwords.
Zero-Day noun
A software vulnerability unknown to the vendor; attackers exploit it before a patch exists.
A zero‑day in Chrome allows hackers to install spyware just by visiting a website.
2FA / MFA noun
Two‑factor / Multi‑factor authentication – requiring two or more verification methods to access an account.
Logging into your exchange requires your password plus a code from Google Authenticator – even if the password is stolen, the account stays safe.
Authenticator App noun
An app (Google Authenticator, Authy) that generates time‑based one‑time passwords (TOTP) for 2FA.
Even if a scammer has your password, they can't log in without the 6‑digit code from your phone.
Hardware Token (YubiKey) noun
A physical device that provides 2FA via USB/NFC, considered phishing‑resistant.
You must insert your YubiKey and touch it to log into your email – a remote attacker cannot bypass it.
Passkey / Biometrics noun
Passwordless authentication using fingerprint, face recognition, or device‑based keys.
Your phone's Face ID unlocks your password manager, which then autofills complex passwords.
Cold Storage noun
Storing cryptocurrency offline (hardware wallet, paper wallet) to protect against online hacking.
You keep 90% of your BTC on a Ledger (cold), only a small amount on exchanges for trading.
Multisig adj
A wallet that requires multiple private keys to authorize a transaction, adding security.
A DAO treasury uses 3‑of‑5 multisig: three members must sign any withdrawal, preventing one compromised key from stealing funds.
Whitelist / Blacklist noun
Security feature where only approved addresses (whitelist) can receive funds, or suspicious addresses are blocked (blacklist).
On a crypto exchange, you whitelist your personal wallet address – even if hacked, funds can only go to that address.
CBN Guidelines / EFCC noun
Central Bank of Nigeria regulations on fraud reporting, and the Economic and Financial Crimes Commission for enforcement.
If scammed, file a report with EFCC's online fraud reporting portal and your bank immediately.
The Scams & Fraud Protection Lexicon — v.2026 — Dollarland Central Bank of Knowledge