Article | 1:21 min read

How to Protect Your Business from Credential Phishing

Grow Your Business

Cybercriminals like to go phishing, but you don’t have to take the bait.

Cyber theft phishing by email, envelope, and fishing hook

Credential phishing is when cybercriminals steal credentials to gain access, bypass an organization’s security measures, and steal critical data. Your login credentials and passwords are highly valuable. Having a compromised password or credentials can allow criminals access to sensitive accounts and information without setting off security alerts or breach notifications.

Credential phishing attacks do not leave many indicators of compromise (IOCs), which can make breach investigations difficult. These fraudulent credential phishing pages are inexpensive for criminals to create, and attackers can easily change the look and feel of these malicious webpages to make it seem legitimate. Cybercriminals abuse trusted sites and cloud providers including Microsoft, Google, Adobe, and DropBox to deliver credential phishing attacks and malware.

The recent Cofense annual phishing report shows 67% of phishing emails are designed to steal user credentials and saw a 150% increase in the use of HTML attachments in credential phishing attacks.

The signs might not be noticeable, but once you recognize a phishing attempt, you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds and ensure the email looks trustworthy.

Here are some quick tips on how to spot a phishing email:

  • Does it contain information that is too good to be true?
  • Is it a strange or abrupt business request?
  • Does it include language that is threatening?
  • Does it include bad grammar or misspelled words?
  • Does it request to send private information?
  • Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
  • Does the sender's email address match the company it's coming from?

Learn more tips about staying safe online to protect both yourself and your business.


The information provided in these articles is intended for informational purposes only. It is not to be construed as the opinion of Central Bancompany, Inc., and/or its subsidiaries and does not imply endorsement or support of any of the mentioned information, products, services, or providers. All information presented is without any representation, guaranty, or warranty regarding the accuracy, relevance, or completeness of the information.