The theft of personal or corporate data can occur in different ways, depending on the method chosen by the cybercriminal to carry it out and, although it is common to resort to cyber attacks, data theft can also be carried out by telephone calls, where the the interlocutor will pretend to be an entity (such as a bank, for example) and will request personal or confidential data from the victim, in order to obtain them.
Focusing on data theft over the Internet, the most common methods used are the following:
Phishing: Possibly one of the most used techniques to steal personal data. It is usually carried out by sending fraudulent emails or SMS, which lead users to false pages that imitate official pages, so that they enter their data and credentials. It is a method of which we have many examples, especially for bank data theft .
Spyware: This is a type of malware that, once installed on the victim’s computer, will try to access your information and data, as well as “see” your usernames and passwords and send them to a command and control server controlled by the cyber criminal.
Keyloggers: We can say that it is a type of spyware that records everything that is written on the victim’s computer, so that when credentials of any account are entered, they are “in sight” of the cybercriminals who have infected the computer.
Vulnerabilities: These are security flaws or bugs in legitimate programs that cybercriminals can use to break into our computers or networks and infect them with malware or scour them for data to steal.
Sniffing: Occurs when we connect to the Internet through an unprotected public WiFi network, which makes it easier for cybercriminals to intercept any information we send.
Scraping: It is not exactly a computer attack or data theft per se, since what is done here is to “scrape” the superficial part of a website to collect all the public data that appears on it and create with it a database. data that can then be sold on the Dark Web. It is common for social networks such as LinkedIn or Facebook to suffer.
Formajaking: This is a recent type of cyberattack in which cybercriminals inject malicious JavaScript code to collect data entered into web forms. The malicious code collects and transfers the data to a server controlled by cyber criminals.
Access to remote desktops with weak passwords: It occurs when a remote worker uses a weak password to connect to the company network and its remote desktop, opening the door for a cybercriminal to enter said network and, through techniques lateral movement, gaining access to more restricted levels.
Data theft by WhatsApp: It is not yet a very widespread technique, but it works through a false promotion to obtain a product for free that reaches us through a WhatsApp message. The message asks us to forward it to 10 people or 3 groups to activate the promotion, by doing so we will receive a message with a link that will take us to a website where we will be asked to download suspicious software or register for a premium service.
SQL injection: This attack is carried out on the SQL databases of unsafe web pages, allowing cybercriminals to access the databases that contain information about users (such as credit card numbers if it is a business) online.