Unfortunately, massive data breaches seem to be a growing trend in 2013. Whether they affect 100 people or a million, each one raises the same questions. Aside from the obvious “how are hackers able to access this information?” there are others wondering “what are they doing with my information?”
In general, people worry about identity theft and unauthorized use of financial information once an attack is announced and run around changing passwords and checking credit reports and bank statements. But as you can imagine with some breaches, with millions of users’ data exposed, these cyber criminals most likely had terabytes of data – all of which they probably won’t use right away. The information they received is probably just one step in their plan, and there is a possibility that we’ll see the effects of this year’s attack, months and possibly years from now.
Cyber criminals (wanting to make as much money as possible) will find someone to purchase the data that they consider worthless – we’re talking names of spouses, children and other family members, where they went to school, their hometowns, etc. It’s basically like stealing a car and selling it for parts.
So what do other cyber criminals want with this seemingly worthless information? This information is useful to criminals who want to target specific people through spearphishing and social engineering attacks – manipulation through the use of specific, personal information. For example, a criminal could use your husband’s name, along with your wedding date, to send a ‘happy anniversary’ email that appears to be from your spouse.
While cyber criminals seem to be getting smarter by the minute, it’s still important for consumers to be vigilant with their data and continue to be on the lookout for non-legitimate emails, pop-up ads and other online sources that can cause problems. Even though we only seem to hear about big-name data breaches, we still need to be aware of personal online behavior to keep data safe and out of the bad guys’ hands.
Agari is doing our part to restore consumer trust in email, but we would love your help! Seen any good “bad” phishing emails lately? Tweet us a screenshot at @AgariInc – with none of your identifying information in it of course- and use the hashtag #gophish