Police Warn of Cybercriminals Exploiting Personal Data Leaks and Phishing
Experts at Andorra's Data Protection Agency roundtable detail how criminals harvest and misuse personal info from leaks, phishing, and social media.
Key Points
- Cybercriminals value personal data from company leaks, old credentials, and phishing impersonating trusted entities.
- Social media posts and unencrypted devices provide images, locations, routines for building victim profiles.
- Scammers impersonate victims using AI voice cloning to deceive contacts and solicit money.
- Police recommend secret codewords, digital hygiene, and parental supervision to protect data, especially minors'.
Police experts outlined how cybercriminals exploit personal data during a roundtable hosted by Andorra's Data Protection Agency (APDA) on Wednesday, marking European Data Protection Day.
The event, titled "Data Protection: From Regulation to Reality," took place in the foyer of the General Council in Andorra la Vella. It was opened by Síndic General Carles Ensenyat and APDA director Jessica Obiols. Five specialists discussed the value of personal and corporate data, along with methods for collecting, using, and safeguarding it. They stressed the importance of adopting strong practices to prevent serious fallout.
Ferran Jordan, a senior police agent with the Technological Crimes Unit, explained why such data holds high value for criminals. He detailed common acquisition routes, including leaks from companies, digital platforms, or email services where users once shared credentials like passwords and addresses—information that lingers online for years, often forgotten by those who provided it.
Phishing emerged as another frequent source, with fraudulent messages impersonating banks, firms, or government bodies to build false trust. Victims often hand over details voluntarily through a click or reply, without needing malware or advanced hacks. Jordan also warned about data stored on emails and devices, such as ID photos, and voluntary social media posts revealing images, comments, locations, relationships, and routines that criminals combine to build detailed profiles.
Lost or stolen devices without encryption, open sessions, or accessible data compound the risks. Once obtained, criminals use this information not just to target the original owner but to deceive others—through fake rental ads, vehicle sales, or other scams. They also impersonate victims using social media photos to solicit money or details from contacts, increasingly pairing this with AI-generated voice cloning to hit family, friends, or colleagues.
To counter these threats, police advised sharing a secret codeword with close contacts to verify suspicious calls or messages. They promoted "digital hygiene," like regularly reviewing stored and shared information, especially if accounts get compromised. This is critical for minors, who produce vast personal data via social networks, games, and apps, often without oversight.
Adults bear responsibility for children's digital footprints, police noted, urging age-appropriate app access, parental supervision, and verification of tech use. Treating data with the same care as physical belongings fosters a shared culture of protection, they concluded, helping avert many crises.
Original Sources
This article was aggregated from the following Catalan-language sources: