Skip to main content
Privacy & Security

Privacy & Security Glossary

Antivirus software

Software that detects and removes or quarantines code identified as malicious or harmful. Many providers of antivirus software provide frequent updates to help prevent the spread of new threats that can infect computers and other devices that access the internet.

Back door

A hidden method for bypassing normal computer authentication. Back door access can be used by a hacker to gain unauthorized access to information that is otherwise intended to be secure and private.


A network of computers that is used to forward spam and viruses on the internet. The term is a combination of shortened versions of two words, robot and network. The use of a proper firewall on your home computer is one of the best methods to help prevent becoming part of a botnet.

Browser hijack

A form of malware that alters the settings of your browser so that you are redirected to websites you have no intention of visiting. Browser hijackers may be installed as the result of a variety of actions such as installing certain types of software, clicking on a link in an infected email or as the result of a drive-by download.

Check scam

A crime in which an unsuspecting victim deposits a check into a bank account then wires a portion of the money to a criminal. By the time the check is confirmed as counterfeit, the money has already been wired and picked up by the criminal, leaving the victim without recourse for retrieving the funds they wired. Popular variations of the check scam involve online auctions, sweepstakes, work-at-home schemes and foreign currency transfers.

Data compromise

An organized theft of ATM, debit or credit card information primarily through merchant data breaches, merchant third-party processors, computer theft, stolen storage tapes or company insiders working for a merchant or merchant’s contractor.

Drive-by download

A method by which malware such as a browser hijacker is added to your computer without your knowledge. A drive-by download can happen when you visit a malicious web page or view a malicious html email, and may go undetected if your computer's security settings are not strict enough.


A method of making information unreadable to everyone except the recipient of that information who holds the key that unlocks the encryption method. A popular example of encryption in use is the secure transmission of credit card numbers while shopping on the internet.


Hardware or software that is designed to allow or deny access to an individual computer or a computer system. Most security experts agree that a firewall is necessary when using a computer that is connected to the internet.


An act that occurs when someone uses your account to make unauthorized purchases. This happens after your card, card number, online credentials or other account details have been stolen.


A computer criminal who tries to get access to a computer system without authorization.

Identity theft

A criminal activity in which someone obtains key pieces of personal information such as a Social Security number or driver's license number in order to be able to impersonate that individual. Identity theft activity can generally be divided into 2 categories: using someone else's identity to access their existing accounts and using someone else's identity to open new accounts. (Additional information about identity theft can be found on the sites listed on our External Resources page.)


The Identity Theft Assistance Center, a nonprofit, collaborative effort between financial institutions and law enforcement to provide consumers with helpful resources for preventing and detecting fraud and identity theft.


The Identity Theft Resource Center, a nonprofit organization that provides step-by-step resolution instructions, form letters and other resources to assist identity theft victims.

Keystroke logger

A hardware device or software program that monitors and records each keystroke made on a specific computer user's keyboard. Malicious keystroke loggers that are downloaded unwittingly by computer users operate in a covert manner so that the person using the keyboard is unaware their actions are being monitored. The keystroke logger then records the keystrokes, which can include user names and passwords, and periodically uploads the information over the internet to the person doing the monitoring. Also known as keyloggers or system monitors, keystroke loggers have been marketed as a way for parents to monitor their children's computer activities.


Malicious software designed to covertly infiltrate or damage a computer or computer system. Types of malware include viruses, worms, trojan horses and spyware. Malware can be distributed in a variety of ways including email attachments, links in email or on social networking sites and downloads from file sharing sites.

Opt in

Giving permission for an organization to use information in a specific way.

Opt out

Withdrawing permission for an organization to use information in a specific way.


A software update designed to correct problems with and/or improve performance of a computer program. A software patch is typically made available in order to eliminate vulnerabilities in a program that can allow a hacker to compromise the software user's computer.


A type of online fraud in which a criminal sends email that appears to be from a legitimate source, but in fact is designed to entice the recipient into clicking a link to a website where the unsuspecting victim is asked to provide sensitive personal information. That information can subsequently be used for identity theft purposes. A typical phishing scam involves an email from a bank or a popular online company telling the recipient that there is an account problem that needs to be addressed. (Additional information on phishing can be found on the sites listed on our External Resources page.)

Privacy breach

A privacy breach is a situation in which sensitive information that is controlled by Bank of America (or a third party acting on our behalf) is lost, misused (including inappropriately accessed) or disclosed to an unauthorized third party. The information may be in any form, including paper, electronic and encrypted data. A privacy breach may occur within Bank of America or at a supplier working on behalf of Bank of America.

Privacy notice

The policy under which a company operating a website handles personal information collected about visitors to the site. View the Bank of America online privacy notice

Secure Sockets Layer (SSL)

A protocol for securely encoding and sending sensitive information over the internet. Bank of America utilizes SSL technology as part of our commitment to maintaining the security and confidentiality of your information.

Service pack

A software program, sometimes referred to as a patch, that corrects known problems or adds new features to a software program already installed on your computer.


Stealing credit card information during an otherwise legitimate transaction. Skimming occurs when the information thief photocopies credit card receipts or uses a small electronic device added to a credit card scanner to capture card numbers and security codes.


The mobile phone version of phishing. An example of SMShing fraud would be a text message that appears to be sent from a legitimate source, such as a bank or credit card company, that urgently requests the recipient to call a phone number or follow a link in the message. The phone number or website will then ask for sensitive account or personal information.


Unsolicited email or text messages sent to large numbers of people to promote products or services. Federal legislation known as CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, gives customers the right to stop receiving email and spells out tough penalties for violations. Learn more about CAN-SPAM


An online identity theft scam in which criminals send emails that appear to be sent from legitimate sources. Also known as phishing, spoofing most often refers to the specific component of the scam in which elements of the email are made to appear legitimate. For example, the “From” address in the email may appear legitimate when in fact it is not.


A type of malware that gathers information from your computer activities and sends it to an unknown source without your knowledge. Spyware programs can be particularly damaging when they are designed to capture personal and financial information that can be used to commit fraud.

Trojan horse

A seemingly legitimate piece of software that carries an unwanted bit of programming code that can be used by hackers to gain unauthorized access to your computer.


A malicious program or piece of programming code. A virus can be transmitted in a variety of ways, including being copied from one device to another through an infected thumb drive or being transmitted through an infected email attachment. Viruses can be as harmless as delivering a birthday message or as destructive as causing your hard drive to be reformatted.


A form of phishing that occurs over VOIP (Voice Over Internet Protocol) connections. In a vishing scam, a person receives a phone call that appears to be coming from a legitimate source such as a bank or credit card company. The caller identification on the victim’s phone will show a legitimate business name and number, when in fact a criminal is really making the call. The criminal will pose as a representative of the company and ask the victim to confirm account details and other sensitive information, thereby illegally obtaining sensitive financial and personal information that can be fraudulently used.


A worm is a form of malware that reproduces itself in order to spread to other computers on a network. A malicious worm will typically use up computer resources with the intention of shutting down the entire system.


A computer that has been maliciously accessed and set up as part of a botnet.

Report suspicious activity

  • In your email:
    To report a suspicious email that uses Bank of America's name, forward it to us immediately at mailto:
  • On your statement:
    To report fraudulent activity on your Bank of America account, call 800.432.1000.
  • In texts:
    SMShing” and Smishing are like phishing but sent via SMS text messages to access information. Report attempts at mailto:
  • By phone:
    Vishing” uses the features of Voice over IP (VoIP) phones to steal personal and financial information. Report it at mailto: