Personal Data, The Most Precious Target For Cybercriminals
Personal Data : Identity theft and hacking of companies’ computer systems seek to get hold of our data Social Security. It does not matter if they are public or private bodies. Hackers pose as very popular services among citizens in order to steal their personal and banking data.
To do this, they resort to sending fraudulent emails (phishing), as alerted by the Internet Security Office (OSI) through its security notices. But phishing is not the only way for cybercriminals to get hold of a commodity as precious as our information. In the following lines we tell some of the most used practices and the advice of an expert in cybercrime to avoid falling into them.
Table of Contents
Phishing: The Most Common Modus Operandi For Cybercriminals
In recent years, security experts have detected massive attacks in the form of phishing, with which cybercriminals impersonate popular platforms (entertainment, parcel and logistics, etc.) to steal their customers’ data. Hackers pose as the service provided by the platform to find the keys to the accounts of its users.
The modus operandi? Send a fake email that mimics the platform’s corporate identity and in which they ask victims to verify their data by clicking on a link that actually leads to a fake page.
The real danger of this cyberattack, phishing, is the resale of data on the black market, which facilitates attacks on a larger scale, as commented from PandaLabs, the antimalware laboratory of Panda Security. And they warn that cybercriminals take advantage of our mistakes with passwords, such as reusing them in email accounts and social networks, something that paves the way for these criminals.
In addition to phishing, there are other crimes related to cybercrime aimed at getting hold of your data:
This fraud consists of manipulating the domain of a website so that it directs users to fake websites, but very similar in appearance. In this way they install malicious software on the victim’s computer or get their passwords or bank details.
They send SMS or WhatsApp, presumably from your bank, to report that a suspicious purchase has been made with the card, and ask that the bank be called, giving a false number. When they return the call, they request the data to cancel the purchase.
Theft Of Personal Data: How Is Cybercrime Evolving?
Every year, large companies and platforms are subject to cyberattacks to steal personal data, banking data or both. “These are very well orchestrated scams, since cybercriminals even emulate using two-factor authentication,” warn Panda Security. And, as they warn almost daily from the OSI, there are also many other problems with data leakage.
What’s going on? “In the field of the Internet, today, one of the most important assets, what is most valued, regardless of economic transactions and their authorizations, are personal data,” acknowledges Commander Alberto Redondo, Head of the Technological Crimes Group of the Technical Unit of the Judicial Police of the Civil Guard. And our passwords to enter our email or our accounts on platforms and services, banks or stores, are a door, many times, easy to pass.
And more, if we use the same key for everything. “This is a chain. If you use the same password for the bank as to manage the travel points card, the moment they blow one up – which if it is not too complicated is not too complex – they can access all the systems. And if they are made with the email key, they can have control of most online services, because in most of the services we have with password and user on the Internet they give you the possibility to recover the key and send it to your email. It is the whiting that bites its tail, “summarizes the expert in technological crimes.
How To Defend Your Personal Data
Privacy and security on the Internet is vital, but in computer security – recalls the specialist – “there is nothing 100% secure”, so there is no other way than to make it difficult for cybercriminals.
Creating strong passwords (nothing to keep those that come predefined or easy to remember), helping yourself to do so from sites such as Clavesegura.org or Identity Safe and having a password manager to build and save them are the formulas that Redondo recommends. “Many managers use the double factor authentication, the keys are robust and some even track on the Internet in case there has been a leak of that key or if it is in a forum,” he says.
How to protect your passwords (and personal data) The least safe thing is to save it in any type of computer document, that is, in a txt file or a Word on the desktop. “With a shortcut it is very easy to obtain,” admits the expert, so it is almost safer to have them written down on a piece of paper and know where they are.
We can also confirm with the Have I Been Pwned application that our email is not compromised, after security breaches or system attacks that may have occurred.
But we have been able to take these measures and even be victims. How do we know? The commander of the Civil Guard gives some clues:
- In the junk folder for spam (unwanted) messages, those types of emails start to get unusually high.
- Spam emails do not pass that filter and we begin to receive certain offers that we have not requested in the main input folder.
- We have a lot of phishing mail. It is logical not to fall if we do not have an account, for example, in a certain bank and they tell us by email that there has been some problem with the last transfer we made with them. But if it matches that you are and you respond, they will be able to access your data.
- In paid services, such as online television, with our passwords we will not be able to enter.
If our account has been hacked, the password will have to be changed and, sometimes, even “it will be worth changing the entire account, not just the password,” says Redondo. So it is essential to communicate it to the service provider where the compromised key is.
And, of course, if we see that the crime has been consummated (an economic transfer with your name or they have made use of a service), it is always important to go to the police and report a scam on the Internet.