Everybody knows by now that websites collect information about users’ location, visited pages, and other data that can help them improve or monetize the experience. But just a small minority of Internet users realizes that browsers also collect/store information that can help attackers compile a “Web dossier” to be used for future attacks.
“An attacker could compile a list of applications you commonly log into from your URL history, including work applications and personal finance sites. Criminals can learn who in a company has access to the financial or payroll application, for example, and compile a list of usernames to use to break in. Knowing what applications are in use at a company can help an attacker craft more convincing phishing emails to try and trick users into exposing their passwords, which the attacker could then harvest,” explains Ryan Benson, a threat researcher at Exabeam.
Read more about how criminals can build Web dossiers with data collected by browsers on Help Net Security.