What Can Hackers Do With Stolen CRM Data?

By: Michael @wCRMblog Taylor

CRM data may not seem like the most attractive option for a hacker, but according to Erika Morphy, it is and it may even be more lucrative for the hackers. Information such as financial records, corporate email addresses, notes, intellectual property, sales forecast data and other important documents can be included in CRM data. All of which are extremely important to any business and can be especially damaging if they fell into the wrong hands.

So what exactly can hackers do with this stolen information?

Well, hackers have many options once they have this information, but the most damaging and popular ones are: masquerading, directly targeting customers and committing industrial espionage.

Let’s delve into each of these. This article will demonstrate the magnitude of damage hacked CRM data can cause.

Masquerading – Impersonating Important Personnel

CRM data contains a significant amount of information about intra- and inter-company relationships between vendors, suppliers, and customers. This information can allow for a corporate hierarchy to be created and to determine who is responsible for payments.

Once this information is known, a hacker can masquerade as the appropriate manager and send emails to employees directing them to pay a specific supplier or vendor. This supplier or vendor is actually the hacker or an associate, unknown to the employee in question.

This maneuver is growing in popularity and is on the rise. One example according to David Pollino of the Bank of the West’s Fraud Prevention Office is to impersonate the CEO or CFO and request from the controller a confidential wire transfer to a non-existent company. The innocent employee, in this case the controller, has no idea that it is not their actual manager or CEO instructing them to do this. Employees believe they are just following management’s orders, when in reality they are aiding the hacker. Masquerading allows hackers to control where money goes and allows for a free, limitless range of actions based on the hackers demands.

Directly Targeting Customers

Hackers can target the end customers as well, which can allow for individuals to let down their guard.

Once hackers have the CRM data they become aware of real business transactions and organizational history. Using this information, they can come across as a credible source since they have this private data and manipulate customers into acting how they please. For example, hackers can convince customers to commit dangerous acts such as installing an “update” or “viewing” a specific attachment, which actually is a virus or allows for more information to be stolen.

This action can further damage the customer’s overall security as his or her own accounts or files can be viewed or even stolen. Customers are unaware of the dangers as they believe they are dealing with a trustworthy party based on the sensitivity of the information provided.

Industrial Espionage

CRM data allows for an in-depth understanding of competitors sales pipelines, sales cycles, business bids, contract wins, losses, sales leads and more.

This information can be sold to an organization’s competitors to allow for an increase in knowledge to gain an upper hand on the rest of the competition. This information in competitor’s hands could significantly damage and ruin a company and their existing relationships with suppliers, customers, vendors, etc. Furthermore, the hackers themselves could end up being the competitors wishing to cover up their illicit act to avoid detection. All of which results in permanent damage done to the organization in question.

Conclusion

CRM data should remain confidential to the specific company. As evidenced above, hackers who obtain this information have significant power and can inflict serious damage on an organization. It is in every company’s best interests to ensure their security is up to date and their CRM data is difficult to breach. Regular updates and maintenance should be conducted to limit the likelihood of a potential successful hacker attack. Many companies have fallen victim to hacker attacks, but by being aware and educated about the issue, companies can be better prepared to limit the possibility of such an event.

 Enjoyed this Article? SHARE with Your Friends & Coworkers!