How do hackers get information about their victims?

98% of attacks are based on social engineering principles. That means hackers get information about their target and use the data to deceive the victim. The goal of such attacks is usually financially motivated. Specifically – to steal valuable information or gain immediate financial benefit.

Understanding the processes of obtaining information on victims and using it against them can help you protect yourself against social engineering attacks and identity theft.

How do hackers get information about their victims?

There are two most common ways hackers get information about their targets – social media and dark web forums.

Social media: how easy is it to overshare information?

Social media is one of the easily accessible methods to build a profile on a person. A hacker can effortlessly open LinkedIn and find the person’s name, phone, workplace, and email address. He can also see the surnames and job titles of people related to him.

On Facebook or Instagram, a criminal can easily find personal details: marital status, photos with kids, and names of relatives and friends.

Although building a user profile from social media data is time-consuming, it can be a profitable strategy. It is then easy for a hacker to impersonate another person (a client, a coworker, a business consultant, etc.) and use such information to build rapport. A convinced employee is likely to disclose confidential information: project login details, a list of employees who work on a project, and other secure data.

Dark web forums: the dangers of leaked data

Dark web forums are the first place where cyber criminals dump data after a successful data breach.

For example, such data usually include email addresses and passwords, phone, social security numbers, names and surnames, and physical addresses. After more sophisticated data breaches, hackers might dump even the credit card details. They upload all this data for public sale.

Consequently, other hackers get information about their victims by purchasing this listed data and using it to build a user profile. For instance, by buying only one leaked database, a hacker can receive a complete data package on its target.

What do hackers do with stolen information?

When hackers get information about the victim, they can use it for social engineering and other attacks.

They can either use the stolen information directly or indirectly:

• Perform a direct action (f. e., to break into the person’s account);
• Use this information for manipulating a victim (f. e., to impersonate a person and deceive the victim into giving away valuable data).

What can hackers do with your email and password?

When a hacker steals or buys leaked emails and passwords, he can use this information for a credential stuffing attack.

In this attack, a cybercriminal tries to log into the person’s accounts using the leaked combination of email and password. Therefore, it is dangerous to reuse the same password on a few platforms. You make it easy for a cybercriminal.

What can hackers do with your name, phone, and address?

If hackers get information about your contact details such as phone and address, you should beware of phone-based scams.

For instance, a cybercriminal can send you a text message saying that the apartment at your address has a debt of unpaid utility services. You might unknowingly click on a fraudulent link and pay the fake debt.

What can hackers do with your Social Security number and date of birth?

Social Security numbers and the date of birth are probably the most valuable information for a cybercriminal. Hackers can use this information for impersonating people or performing an action on behalf of the victim.

Social Security number, person’s name, and date of birth can be enough to open a credit card, take out a loan, and get your tax refund.

What can hackers do with your credit card numbers?

A hacker does not need to possess your debit or credit card to use it for spending money.

With a leaked credit card number and a CCV code, the hacker can purchase expensive goods, transfer money, and spend your savings online.

How to protect your data from falling into the hands of the criminal?

Prevention is always more cost-effective than suffering from any kind of attack. Once you know how hackers get information about their victims, you can ensure your data is safe.

Here are the most critical tips on how to protect your data:

1. Do not share your phone number and physical address on social media.
2. Evaluate possible consequences before sharing personal information about your home, yourself, or family.
3. If you are approached by a representative from any company who knows information about you or your business, be extra cautious. If doubting, hang up the phone and call the company using the contacts on their website.
4. Never use the same password on more than one account.
5. Always use long, complex passwords to provide maximum protection for your online accounts.
6. Never click on any suspicious links. Learn to recognize phishing scams.
7. If possible, do not use your credit card as a payment method. Use alternative payment methods such as PayPal or electronic bank transfers.
8. If an organization asks for your Social Security number, provide them with an alternative ID: a passport or a driving license number.
9. Never use your SSN or your date of birth as a password. Avoid including any personal information in your credentials.
10. Use an encrypted password manager to store all valuable information (passwords, secret notes, credit card information, and other login details).

Stay safe!