7 Things a Cyber Criminal Could Do With Your Data (+ Prevention!)

With so many of us now opting to use digital services, cybercriminals have a larger pool of opportunities to target. Last year alone, an estimated 5.9 billion accounts were compromised in data breaches.

While it’s deeply concerning to think about our data falling into the wrong hands, understanding what types of information a cybercriminal looks for and how they use it can help us to protect our assets.

What types of data does a Cyber Criminal target?

• Personally Identifiable Information (PII) - data that can be used to identify, contact, or locate an individual, including names, addresses, birth dates, email IDs and phone numbers.
• Financial information - Consists of credit card numbers, banking information, insurance information, billing accounts, and any other data involved in an individual’s financial activities.
• Healthcare data - Information used for an individual’s medical services such as hospital records and medical insurance.
• User credentials - Online or digital credentials include usernames, email IDs, passwords and online shopping login credentials.

What can a cybercriminal do with your information?

1. Sell your data

Not all cybercriminals want to use your data themselves – they sell it instead. One of the main places this occurs is on the dark web, where for-sale collections can include millions of records of stolen data.

To give you an example of rates, stolen PayPal account details with a minimum balance of $1,000 can sell for around $20. You can check out this index to see estimated prices for data that could be sold.

2. Hold your data for ransom

Otherwise known as a ransomware attack, cybercriminals gain unauthorised access to an organisation’s system and encrypt important data within, only returning access upon payment from the victim.

This type of attack has been growing steadily over the past few years and is having a significant impact on the market, with damages set to exceed $30 billion by 2023.

3. Carry out an account takeover

Using stolen login credentials (in other words, your username and passwords), cybercriminals can gain access to your online accounts and change the password to lock you out.

Hackers can target any kind of account, whether it’s your social media or Amazon. However, they often look for ones that include payment details so they can use your financial information.

4. Create targeted phishing attacks

Stealing data is often just the first step in a plan of attack.

Some cybercriminals repurpose and utilise stolen data to target individuals or organisations with personalised fraudulent emails, tricking the victim into believing they are a trusted source and willingly handing over sensitive information. ‘Whaling’ is when a phishing attack specifically targets senior executives and, if done correctly, can offer a large return on investment to criminals.

5. Carry out identity fraud

Identity fraud is when cyber criminals use another person’s identifiable information for personal gain. If a threat actor gathers enough data about an individual, they can:

• Completing fraudulent purchases for products or services
• Apply to financial accounts, such as credit cards
• File fraudulent tax returns and income tax refunds in your name
• Rent an apartment or apply for a job in your name
• File for government benefits
• Apply for a driver’s licence or passport

6. Hire out your system as a botnet

If cyber criminals gain access to your systems, they can link your IT up to a botnet – a network of hacked computers and servers. This powerful network allows criminals to conduct large-scale crimes, such as DDoS attacks, that sabotages a website by overloading it with requests, leaving it unable to function.

7. Steal infrastructure

As servers and storage systems can be expensive, some cybercriminals ‘borrow’ other people’s instead. They aim to break into your infrastructure, storing their own data and running applications within it instead of paying for their own.

How can you prevent cybercriminals from accessing your data?

With the level of cyber risk remaining high, it is vital that both consumers and businesses protect their personal information. Some key practices you should embed into your daily routine are:

• Use strong and unique passwords, with a mixture of numbers, letters, and symbols. Using the same password across each account will mean hackers can access all of them if your credentials are leaked, so ensure each account has a different password.
• Set up two-factor authentication, preventing unauthorised third parties from accessing accounts even if they have your login credentials.
• Shred any documents containing personal information before you throw them away.
• Install up-to-date antivirus software on your devices.
• Be wary of public Wi-Fi, and avoid accessing accounts or sending documents that hold a lot of personal data.
• Remain alert of inbound emails or texts that ask you to click a link or share personal information, double-checking their authenticity.
• Protect your digital communications using a secure email solution such as Mailock.

Further reading

• How To Recall (Or Revoke) An Email In Outlook
• The Rise of Digital Fraud and Customer Dissatisfaction
• Digital Comms: How to Protect Personally Identifiable Data (Guide)