While it’s deeply concerning to think about our data falling into the wrong hands, understanding what types of information a cybercriminal looks for and how they use it can help businesses and consumers to protect their assets.
What types of data does a Cyber Criminal target?
Personally Identifiable Information (PII) - data that can be used to identify, contact, or locate an individual, including names, addresses, birth dates, email IDs and phone numbers.
Financial information - Consists of credit card numbers, banking information, insurance information, billing accounts, and any other data involved in an individual’s financial activities.
Healthcare data - Information used for an individual’s medical services such as hospital records and medical insurance.
User credentials - Online or digital credentials include usernames, email IDs, passwords and online shopping login credentials.
What can a cybercriminal do with your information?
1. They can… sell your data
Not all cybercriminals want to use your data themselves – they sell it instead. One of the main places this occurs is on the dark web, where for-sale collections can include millions of records of stolen data.
To give you an example of rates, stolen PayPal account details with a minimum balance of $1,000 can sell for around $20. You can check out this index to see estimated prices for data that could be sold.
2. They can… hold your data for ransom
Otherwise known as a ransomware attack, cybercriminals gain unauthorised access to an organisation’s system and encrypt important data within, only returning access upon payment from the victim.
Using stolen login credentials (in other words, your username and passwords), cybercriminals can gain access to your online accounts and change the password to lock you out.
Hackers can target any kind of account, whether it’s your social media or Amazon. However, they often look for ones that include payment details so they can use your financial information.
4. They can… create targeted phishing attacks
Stealing data is often just the first step in a plan of attack.
Some cybercriminals repurpose and utilise stolen data to target individuals or organisations with personalised fraudulent emails, tricking the victim into believing they are a trusted source and willingly handing over sensitive information. ‘Whaling’ is when a phishing attack specifically targets senior executives and, if done correctly, can offer a large return on investment to criminals.
5. They can… carry out identity fraud
Identity fraud is when cyber criminals use another person’s identifiable information for personal gain. If a threat actor gathers enough data about an individual, they can:
Completing fraudulent purchases for products or services
Apply to financial accounts, such as credit cards
File fraudulent tax returns and income tax refunds in your name
Rent an apartment or apply for a job in your name
File for government benefits
Apply for a driver’s license or passport
6. They can… hire out your system as a botnet
If cyber criminals gain access to your systems, they can link your IT up to a botnet – a network of hacked computers and servers. This powerful network allows criminals to conduct large-scale crimes, such as DDoS attacks, that sabotages a website by overloading it with requests, leaving it unable to function.
7. They can… steal infrastructure
As servers and storage systems can be expensive, some cybercriminals ‘borrow’ other people’s instead. They aim to break into your infrastructure, storing their own data and running applications within it instead of paying for their own.
How can you prevent cybercriminals from accessing your data?
With the level of cyber risk remaining high, it is vital that both consumers and businesses protect their personal information. Some key practises you should imbed into your daily routine are:
Use strong and unique passwords, with a mixture of numbers, letters, and symbols. Using the same password across each account will mean hackers can access all of them if your credentials are leaked, so ensure each account has a different password.
Set up two-factor authentication, preventing unauthorised third parties from accessing accounts even if they have your login credentials.
Shred any documents containing personal information before you throw them away.
Install up-to-date antivirus software on your devices.
Be wary of public Wi-Fi, and avoid accessing accounts or sending documents that hold a lot of personal data.
Remain alert of inbound emails or texts that ask you to click a link or share personal information, double-checking their authenticity.
Protect your communications, using a secure email solution such as Mailock.
Join our secure email community
Subscribe for exclusive content on secure communications for professionals in regulated sectors.