Credential phishing is when cybercriminals steal credentials to gain access, bypass an organization’s security measures, and steal critical data. Your login credentials and passwords are highly valuable. A compromised password or other credential can give criminals access to sensitive accounts and information without setting off security alerts or breach notifications.
Credential phishing attacks do not leave many indicators of compromise (IOCs), which can make breach investigations difficult. These fraudulent credential phishing pages are inexpensive for criminals to create, and attackers can easily change the look and feel of these malicious webpages to make them seem legitimate. Cybercriminals abuse trusted sites and cloud providers including Microsoft, Google, Adobe, and Dropbox to deliver credential phishing attacks and malware.
The recent Cofense annual phishing report shows that 67% of phishing emails are designed to steal user credentials, and it recorded a 150% increase in the use of HTML attachments in credential phishing attacks.
The signs might not be noticeable, but once you recognize a phishing attempt, you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds and ensure the email looks trustworthy.
Here are some quick tips on how to spot a phishing email:
- Does it contain information that is too good to be true?
- Is it a strange or abrupt business request?
- Does it include language that is threatening?
- Does it include bad grammar or misspelled words?
- Does it ask you to send private information?
- Does it urge you to click on unfamiliar hyperlinks or attachments?
- Does the sender's email address match the company it claims to come from?
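Several of these questions, along with the HTML attachment trend noted above, can be checked automatically when triaging reported mail. The following is an added example, not code from the original page or from Cofense; the `BRAND_DOMAINS` map, the phrase lists, the flag names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: brand-to-domain map and phrase lists are illustrative; tune them locally.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "dropbox": {"dropbox.com"}}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|final notice)\b", re.I)
PRIVATE = re.compile(r"\b(password|login credentials|verify your account)\b", re.I)

def triage(raw):
    """Return a sorted list of checklist flags raised by one raw email message."""
    msg = message_from_string(raw)
    flags = set()
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not legit:
            flags.add("sender-domain-mismatch")  # display name claims a brand it is not sent from
    text = msg.get("Subject", "")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            flags.add("html-attachment")
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    if URGENCY.search(text):
        flags.add("urgent-or-threatening-language")
    if PRIVATE.search(text):
        flags.add("asks-for-private-information")
    return sorted(flags)

# Constructed sample message for the example (not a real phishing email).
SAMPLE = """\
From: "Microsoft Account Team" <security@constructed-example.test>
Subject: Urgent: your mailbox will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Verify your account immediately by opening the attached form.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Secure_Message.html"

<html><body>constructed placeholder</body></html>
--b1--
"""
```

Calling `triage(SAMPLE)` raises all four flags. A `From` domain that matches is not proof of authenticity, since the header can be forged; this only automates the visual checks in the list.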
Learn more tips about staying safe online to protect both yourself and your business.