Here is a nice little list from the BBC:
A sophisticated phishing attack that exploits weaknesses in the legitimate sites of financial institutions to make attempts to trick people into handing over confidential details more plausible.
A successful use of Cross-site scripting will make it look like all the transactions are being done on the website of the real bank or financial institution.
A hijacked PC or server used to store all the personal data stolen by keyloggers, spyware or viruses.
Criminal hackers prefer to keep their distance from this data as its possession is incriminating. Dead drops are usually found and shut down within a few days of the associated phishing e-mails being sent out.
Abbreviation for Distributed Denial of Service. This is an attack in which thousands of separate computers, which are usually part of a botnet, bombard a target with bogus data to knock it off the net.
DDoS attacks have been used by extortionists who threaten to knock a site offline unless a hefty ransom is paid.
Malicious programs that automatically install when a potential victim visits a booby-trapped website.
The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves.
Sometimes it is obvious that a drive-by download has occurred as they can lead to bookmarks and start pages of the browser being replaced. Others install unwanted toolbars.
Increasingly criminals are using drive-bys to install keyloggers that steal login and password information.