Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
What happens to data stolen using phishing?
What happens to data stolen using phishing?
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 15,565
Threads: 10,026
Thanks Received: 9,252 in 7,403 posts
Thanks Given: 10,101
Joined: 12 September 18
#1
Bug  1 hour ago
Quote:We follow the trail of a phishing attack to break down, step-by-step, what happens to the data stolen from users.
 
Imagine: a user lands on a scam site, decides to make a purchase, and enters their bank card details, name, and address. Guess what happens next? If you think the attackers simply grab the cash and disappear — think again. Unfortunately, it’s much more complicated. In reality, the information enters a massive shadow-market pipeline, where victims’ data circulates for years, changing hands and being reused in new attacks.

At Kaspersky, we’ve studied the journey data takes after a phishing attack: who gets it, how it’s sorted, resold, and used on the shadow market. In this article, we map the route of stolen data, and explain how to protect yourself if you’ve already encountered phishing, or if you want to avoid it in the future. You can read the detailed report complete with technical insights on Securelist.

Harvesting data

Phishing sites are carefully disguised to look legitimate — sometimes the visual design, user interface, and even the domain name are almost indistinguishable from the real thing. To steal data, attackers typically employ HTML forms prompting users to enter their login credentials, payment card details, or other sensitive information.

As soon as the user hits Sign In or Pay, the information is instantly dispatched to the cybercrooks. Some malicious campaigns don’t harvest data directly through a phishing site but instead abuse legitimate services like Google Forms to hide the final destination server.

[Image: what-happens-to-data-after-phishing-1.png]A

fake DHL website. The user is asked to enter the login and password for their real DHL account

The stolen data is typically transmitted in one of three ways — or a combination of them:
  • Email. This method is less common today due to possible delays or bans.
  • Telegram bots. The attackers receive the information instantly. Most of these bots are disposable, which makes them hard to track.
  • Admin panels. Cybercriminals can use specialized software to harvest and sort data, view statistics, and even automatically verify the stolen information.
Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AdGuard for Android 4.12.2
AdGuard for Androi...harlan4096 — 09:01
Brave Browser is testing agentic AI brow...
Brave Browser is t...harlan4096 — 08:27
Ventoy 1.1.09
Ventoy 1.1.09 ...harlan4096 — 08:25
What happens to data stolen using phishi...
We follow the trai...harlan4096 — 08:23
K-Lite Codec Pack 19.3.5 / 19.3.6 Update
Changes in 19.3.6:...harlan4096 — 11:55

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (43)ivyhuv

[-]
Online Staff
There are no staff members currently online.

>