Personal data is valuable on the ‘black market’ but is also sold legitimately. Obtaining data such as contact details and personal details helps companies market their products to the right people.

Sensitive data, such as your race, religion, sexuality can also include your medical information and it is more valuable than personal data.

Phishing

      

Whaling

Targeting many individuals, mainly with blanket e-mails, and hoping that some will follow links, open attachments, reply with information, or transfer funds

 

Targeting a small group of individuals with significant data access (often disguised as a manager/CEO) and requesting personal information, bank details changes, or a large funds transfer

phishing_vs_whaling_phishing.png   phishing_vs_whaling_whaling.png

Phishing is a criminal act of deceiving someone into divulge confidential information, often using social engineering techniques to seduce its victims. It is often carried out by email or instant messaging by criminals who masquerade as trustworthy entities. The email directs the recipient to a fake website where the user is asked to enter passwords and credentials to steal usernames, passwords, credit card details and bank portal credentials.

Another tactic used by hackers is a method which fools computer users into installing malware from email attachments. The malware then ‘trawls’ the computer for sensitive information and transfers the information to the hacker.