Email threat types: Data exfiltration
Data exfiltration, sometimes referred to as data theft, is the unauthorized transfer of data from your computer, network, or other devices. The stolen data is transferred from the victim to a control server or some other device that is controlled by the attacker. This data is often sold on the dark web and used by other criminals for spear phishing, identity theft, and other advanced threats.
A comprehensive data loss prevention (DLP) system will scan all outbound emails and other network traffic to look for pre-determined patterns or keywords, such as credit card numbers or HIPAA medical terms. Emails containing this type of information are either blocked, encrypted, or quarantined for a review.