Study: retail is the country’s favorite target for virtual scams – 06/23/2023 – Tech

Retail businesses are the most targeted by data leakers and fraudsters on the internet, shows a survey by cybersecurity company SafeLabs — 35% of data leaks were targeted at retailers.

Close behind are financial institutions, affected in 27% of cyber attacks, followed by healthcare companies (13%).

In common, these businesses store sensitive data. Stores, banks and payment companies store credit and debit card data, an avenue for financial fraud. Hospitals, clinics and laboratories carry diagnostic information, used in other frauds.

Returning leaked data to the application of new scams is a peculiar practice in Brazil, according to SafeLabs director Leonardo Camata. “The criminal goes beyond the profile photo. He gains access to the names and telephone numbers of family members, which confers legitimacy when applying for a loan for fraud.”

The leaks and scams were detected by Mantis, a platform that searches the internet for stolen databases and typical phishing messages, a scheme in which criminals use bait to deceive people on the internet. The name comes from the verb to fish in English, fishing.

“From Telegram channels and online forums, fraudsters, for example, gain access to the personal data of third parties inside prisons”, says Camata.

Leaked personal information serves to open accounts in little-known fintechs, create credit cards and access resources improperly.

He says that most cyber scams in the country are carried out by criminals without in-depth knowledge of computers. “In the past, scammers looked for credit card statements in PO boxes, today they do it on the internet.”

Businesses that store data may be liable for damages caused by leaked information under their control, in accordance with the LGPD (General Data Protection Law) and the Consumer Defense Code.

The customer is left with the loss if he leaks his own data.

Camata claims that owners can reinforce security with mechanisms for detecting unusual behavior, such as access attempts in cities or strange hours. “Today, it is impossible to depend only on username and password.”

Discarding data from inactive accounts and keeping operating systems and software up-to-date also reinforce prevention.