Targeted attacks are increasing, with cybercriminals focused on stealing information that can be used to impersonate a user and perpetuate their scams.
It’s one thing to have a user’s credentials – as they are temporary should a user go through a password reset process. So, cyber criminals need to focus their efforts on collecting data from victims that facilitates having enough details to properly impersonate users for the long run. According to security vendor Positive Technology’s latest Cybersecurity Threatscape Q4 2018 report, cybercriminals are doing just that:
- 48% of attacks are focused on obtaining access to information
- 28% of attacks focus on credentials as the target
- 27% of attacks focus on personal data as the target
The collection of both credentials and personal data can facilitate the doxing of an individual, using the personal data (e.g., mother’s maiden name) to gain control over a user’s account on multiple sites (remember, a majority of users reuse passwords).
Organizations are at risk of successful cyberattack in the cloud and on-prem when a user’s credentials and personal data are successfully stolen. Educating users with Security Awareness Training will help them spot scams and fake websites seeking to harvest their credentials and personal data.