Even a small data leak is a major concern for businesses and individuals. Disclosed sensitive information from an organisation causes harm. Furthermore, a sensitive information leak enables further attacks against organisations. For example, leaked passwords from third-party sites may lead to compromised systems in another company, as up to 80% of people reuse their passwords.
Fraud involving a scammer disguising themselves as a trustworthy entity in electronic communication is called phishing. Phishing means attempting to obtain sensitive information such as usernames, passwords and credit card details. For example, a spoofed email disguised as an official email from a bank may ask the target to visit and log in to a fake bank website. The phisher’s website appears to be a legitimate bank site but steals the credentials of the target.