Disclosure of sensitive information and exposure enables phishing

Even a small data leak is a major concern for businesses and individuals. Disclosed sensitive information from an organisation causes harm. Furthermore, a sensitive information leak enables further attacks against organisations. For example, leaked passwords from third-party sites may lead to compromised systems in another company, as up to 80% of people reuse their passwords.

Fraud involving a scammer disguising themselves as a trustworthy entity in electronic communication is called phishing. Phishing means attempting to obtain sensitive information such as usernames, passwords and credit card details. For example, a spoofed email disguised as an official email from a bank may ask the target to visit and log in to a fake bank website. The phisher’s website appears to be a legitimate bank site but steals the credentials of the target.

Phishing has a high probability of success if the messages appear real. The ability to create realistic email messages comes from knowing detailed information about the target. Harmless online information on social media can be combined with detailed leaked information on the dark web to create a personal phishing email for the victim.

Send check result to email