What happens to data stolen using phishing?

[harlan4096]

We follow the trail of a phishing attack to break down, step-by-step, what happens to the data stolen from users.
 
Imagine: a user lands on a scam site, decides to make a purchase, and enters their bank card details, name, and address. Guess what happens next? If you think the attackers simply grab the cash and disappear — think again. Unfortunately, it’s much more complicated. In reality, the information enters a massive shadow-market pipeline, where victims’ data circulates for years, changing hands and being reused in new attacks.

At Kaspersky, we’ve studied the journey data takes after a phishing attack: who gets it, how it’s sorted, resold, and used on the shadow market. In this article, we map the route of stolen data, and explain how to protect yourself if you’ve already encountered phishing, or if you want to avoid it in the future. You can read the detailed report complete with technical insights on Securelist.

Harvesting data

Phishing sites are carefully disguised to look legitimate — sometimes the visual design, user interface, and even the domain name are almost indistinguishable from the real thing. To steal data, attackers typically employ HTML forms prompting users to enter their login credentials, payment card details, or other sensitive information.

As soon as the user hits Sign In or Pay, the information is instantly dispatched to the cybercrooks. Some malicious campaigns don’t harvest data directly through a phishing site but instead abuse legitimate services like Google Forms to hide the final destination server.

A

fake DHL website. The user is asked to enter the login and password for their real DHL account

The stolen data is typically transmitted in one of three ways — or a combination of them:

• Email. This method is less common today due to possible delays or bans.
  
• Telegram bots. The attackers receive the information instantly. Most of these bots are disposable, which makes them hard to track.
  
• Admin panels. Cybercriminals can use specialized software to harvest and sort data, view statistics, and even automatically verify the stolen information.
  

Continue Reading...