Although it's concerning to imagine our data being misused, knowing what types of information a cybercriminal seeks and understanding their methods can help us safeguard our assets.
What Types of Data Does a Cybercriminal Target?
Personally Identifiable Information (PII) - Data that can be used to identify, contact, or locate someone, including names, addresses, birth dates, email addresses, and phone numbers.
Financial Information - Consists of credit card numbers, banking information, insurance details, billing accounts, and other data related to financial activities.
Healthcare Data - Information used for medical services such as hospital records and medical insurance.
User Credentials - Online credentials including usernames, email addresses, passwords, and online shopping login details.
"Stolen data rarely sits with one criminal for long. It moves through resale markets, targeted scams, and account takeover attempts - often faster than people realise their credentials are involved."
Paul Holland, Founder and CEO, Beyond Encryption (Mailock)
Those categories often reappear together in breach dumps and dark web listings.
What Can a Cybercriminal Do With Your Information?
1. Sell Your Data
Many cybercriminals don't use the stolen data themselves - they sell it instead.
A common marketplace for this is the dark web, where collections of stolen data, sometimes containing millions of records, are sold.
For instance, stolen PayPal account details with a minimum balance of $1,000 can fetch around $20.
2. Hold Your Data to Ransom
In a ransomware attack, cybercriminals gain unauthorised access to an organisation's system and encrypt crucial data, only returning access after a ransom is paid.
This type of attack has been increasing and significantly impacts the market, with damages exceeding $30 billion in recent years.
What The Ransomware Figure Shows
InfoSecurity Magazine reported that ransomware damages were expected to exceed $30 billion. The cost is not only the ransom payment, but downtime, recovery work, and reputational harm.
Account takeover is another common next step once credentials or personal data are exposed.
3. Carry Out an Account Takeover
By using stolen login credentials like your username and password, cybercriminals can access your online accounts and change the passwords to lock you out.
Hackers can target any kind of account, from social media to Amazon. However, they often aim for accounts that include payment details to exploit your financial information.
4. Create Targeted Phishing Attacks
Stealing data is often just the first step in a broader strategy.
Some cybercriminals use stolen data to target individuals or organisations with personalised fraudulent emails, making the victim believe the sender is a trusted source.
'Whaling' is a specific type of phishing attack that targets senior executives, potentially offering a large payoff to criminals.
5. Carry Out Identity Fraud
Identity fraud occurs when cybercriminals use someone else's identifiable information for their own gain.
If a threat actor collects enough data about an individual, they can:
Complete fraudulent purchases for products or services
Apply for financial accounts, such as credit cards
File fraudulent tax returns and income tax refunds in your name
Rent an apartment or apply for a job using your identity
File for government benefits
Apply for a driver's licence or passport
6. Hire Out Your System as a Botnet
If cybercriminals gain access to your systems, they can connect your IT systems to a botnet - a network of hacked computers and servers.
This powerful network enables criminals to perform large-scale crimes, such as DDoS attacks, which sabotage a website by overwhelming it with requests, rendering it inoperative.
7. Steal Infrastructure
As servers and storage systems can be expensive, some cybercriminals 'borrow' others' infrastructure.
They attempt to break into your systems to store their data and run applications on your infrastructure, avoiding the costs of their own resources.
How Can You Prevent Cybercriminals from Accessing Your Data?
Given the high level of cyber risk, it is crucial for both consumers and businesses to protect their personal information.
"Login credentials are often the bridge between a data breach and account takeover. Once access is gained, criminals can change passwords, add payment methods, or use trust built in that account to reach others."
Here are some key practices to incorporate into your routine:
Use strong and unique passwords, with a mix of numbers, letters, and symbols. Avoid using the same password across multiple accounts.
Set up two-factor authentication to stop unauthorised access, even if your login credentials are stolen.
Shred documents containing personal information before disposal.
Install up-to-date antivirus software on your devices.
Be cautious of public Wi-Fi, and avoid accessing sensitive accounts or sending private documents while connected.
Stay alert to inbound emails or texts asking for personal information, and always double-check their authenticity.
Protect your digital communications with a secure email solution like Mailock.
Understanding how stolen data is traded, held to ransom, or reused in scams makes it easier to choose proportionate defences - from stronger credentials to safer email habits when sharing sensitive information.
FAQs
What Is the Main Security Issue Covered?
The article explains what a cybercriminal could do with your data and the risks created when sensitive information is sent or accessed by email.
What Controls Should Teams Consider?
Teams should look at access controls, authentication, encryption, staff training, recovery processes, and evidence of message activity. The right mix depends on the information being handled.
How Does Mailock Fit the Topic?
Mailock supports secure email workflows with protected access, recipient authentication, secure replies, message tracking, and audit trails.
Sabrina McClune writes about cybersecurity, data protection, digital identity, and digital transformation for Beyond Encryption, helping regulated sectors understand complex technology and compliance topics with greater clarity.