Unless you are completely off the grid and don’t even read newspapers, it is hard to avoid the data breaches announced in the news. It’s not just techie news anymore either, with the big named news shows on the television and radio, and most every social media outlet, it is near common knowledge to know about an institution, agency, or large corporation, that has had their systems attacked and precious data exfiltrated.
Regardless of the target’s level of certified compliance, it still happens.
What happens with all this data that is copied out? A lot of it is financial data, which gets imprinted onto blank payment cards and sold in the new black market in the underground Internet, called the ‘Deep web’. Sold in bulk or one-offs. But it is not just payment information, like credit and debit cards. It’s health insurance information of the healthy, replicated, then modified and sold to a not-so-healthy person so they can get medical attention under a nicer plan.
What about the personal information? Like names, addresses, and email addresses? Well, that gets kept and used as well. With names and addresses, its easier to perform research on a target victim, figure out their likes and dislikes through their social networks, and then an attacker can craft very specific emails that are very appealing to try to get a target to click on a link or download an attachment. Even if the target has anti-virus, by downloading an attachment that is crafted well enough, the target is basically running the command, unknowingly, to allow remote connections or launch a spying program, that bypasses the security protocols that the anti-virus normally tries to defend against.
The lesson here is to be weary this holiday season, of emails. They are going to be a large attack vector of the bad guys. Black Friday and Cyber Monday are just around the corner and digital aged conmen have baited their hooks in an attempt to catch a phish.
Here is a great article about the rise in Amazon Phishing Attacks and a blog post about how 600,000 phishing emails this month, have been caught already and how users think they are so real, they go into the quarantine folder to try to release them so they can click on them.