Criminals can build Web dossiers with data collected by browsers

Everybody knows by now that websites collect information about users’ location, visited pages, and other data that can help them improve or monetize the experience. But just a small minority of Internet users realizes that browsers also collect/store information that can help attackers compile a “Web dossier” to be used for future attacks.

“An attacker could compile a list of applications you commonly log into from your URL history, including work applications and personal finance sites. Criminals can learn who in a company has access to the financial or payroll application, for example, and compile a list of usernames to use to break in. Knowing what applications are in use at a company can help an attacker craft more convincing phishing emails to try and trick users into exposing their passwords, which the attacker could then harvest,” explains Ryan Benson, a threat researcher at Exabeam.

Read more about how criminals can build Web dossiers with data collected by browsers on Help Net Security.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here