Monday, August 18, 2025

Why Do Hackers Target & Attack Who They Do?

It’s quite rare for the average "someone" to be targeted by a deep, sophisticated cyberattack; without a compelling reason

Typically, this only happens when a hacker or group expects or knows they can achieve a significant payoff if they were to attack. If they think or know they could "score" something huge through an attack, they will be far more willing to invest their time and resources into that hack, attack, and/or SCAM.


How Hackers Identify Targets:

Ultimately Hackers use several methods to identify and profile potential victims:

  • Data Breaches: Leaked credentials and personal data are often sold or traded on the dark web.

  • Social Media & Public Records: Attackers analyze online behavior, job titles, and affiliations.

  • Online Activity: Individuals who engage with suspicious links, forums, or scam interactions may be flagged for further targeting.

  • Age & Profession: Older adults and professionals in finance, law, or tech are statistically more likely to be targeted.

Average Individual Risk:


While attacks on average users are common, they are usually broad and automated, not deeply or individually targeted. These attacks aim to exploit basic vulnerabilities for quick gains; like stealing credentials, installing ransomware, or harvesting personal data.

Examples of Commonly Used "Average User" Attacks:

1. Password Attacks: Password attacks surged to 7,000 attempts per second, up from 579 per second in 2021. These brute-force attacks are automated and indiscriminate, targeting any account with weak or reused credentials.

2. Infostealers: Infostealer malware compromised 2.1 billion credentials in 2024 alone, accounting for over 60% of all stolen credentials that year. These tools are deployed en masse and silently extract login data, browser history, and saved passwords from infected devices.

3. AI-Driven Phishing Campaigns: About 40% of all cyberattacks are now AI-driven, including phishing emails that adapt in real-time to user behavior. Attackers use AI to craft convincing messages and automate delivery to thousands of recipients simultaneously.

4. AI Chatbot Impersonation: AI-powered chatbots can mimic human conversation and are used to engage unsuspecting users at scale. These bots often impersonate customer support or trusted contacts to extract sensitive information.

5. Malware Distribution via Email & Web Ads: Malicious links embedded in emails or online ads are designed to infect any user who clicks; no targeting required. These campaigns rely on volume rather than precision, aiming to compromise as many devices as possible.

6. Credential "Stuffing": Attackers use previously leaked credentials from data breaches to try logging into other services. This method is highly automated and effective against users who reuse passwords across platforms.


More Commonly Attacked: "High-Value" Targets

Hackers prioritize individuals with access to sensitive systemsintellectual property, or financial assets. The payoff for targeting high-value individuals is much greater, which justifies the time and resources hackers invest.

1. High-Value Information or Access

  • Former Executives like CEOs, CFOs, CTOs, and COOs often retain access to sensitive systems or proprietary data even after leaving their roles.

  • Individuals with privileged access to financial systems, customer databases, or internal communications are prime targets.

  • Individuals with access to sensitive systems or financial assets.

2. Financial Wealth or Investment Activity

  • People with significant financial assets, such as investors, entrepreneurs, or wealthy individuals, may be targeted for direct financial gain.

  • Older individuals with wealth are often seen as more vulnerable due to potential gaps in digital literacy or security awareness.

3. Personal Vendettas or Revenge

  • Cases involving divorce disputes or personal retaliation (e.g., whistleblowers, disgruntled partners) can lead to targeted attacks.

4. Online Behavior and Exposure

  • Individuals who interact with scammers, engage in controversial discussions, or expose malicious actors may provoke retaliatory attacks.

  • Public figures or influencers with high online visibility are more likely to attract attention from threat actors.


Outside of those scenarios, an average person might become a target only after interacting with a scammer; via phone, email, or online. In such cases, the attacker may escalate to more advanced tactics, not necessarily for profit, but to cause disruption or chaos; and I’ve personally experienced this...

After identifying and reporting a scammer who tried to scam me, the scammer(s)/hacker(s) decided to retaliate by attacking me for a month straight via any/every angle they could. Email accounts, online banking, all of my social media accounts (personal and work related), my Amazon, Paypal, Venmo and Square accounts, etc.
You name it, they attacked it.
But, they didn't just attack me because they could.
I first had to "kick the beehive" per say by getting their VoIP service terminated, so they came after me with everything they had.


So yes; targeted attacks can happen to the average person.

But there’s usually a clear motive.

Random targeting of an “average Jane or Joe” is extremely unlikely because there’s no guaranteed reward; just lots of unneeded risk and a lot of potentially wasted effort.


What You Can Do:

Even if you're not a high-value target, basic security hygiene is essential:

  • Use strong, unique passwords and enable multi-factor authentication.

  • Be cautious with email links and attachments.

  • Regularly update software and monitor accounts for suspicious activity.



Created & Maintained by Pacific Northwest Computers



No comments:

Post a Comment