Credential Phishing Attack Volume is Comparable to Spam

August 26, 2020

In July 2020, credential phishing attacks reached a six-month high, with numbers that rival spam volume.

The median number of credential phishing attacks received by organizations increased 25% in July over the previous month, continuing a trend of rising phishing attacks. Credential phishing is the second most common attack type behind spam. Since February, the volume of credential phishing attacks received by organizations has been about ⅔ the volume of spam received, and because credential phishing attacks have become so common, it’s easy to underestimate their potential impact.

Spam, which is unsolicited and unwanted bulk email, can cost organizations by wasting valuable employee time and crowding their inboxes. Credential phishing, however, can cause significantly more damage.

In a credential phishing attack, perpetrators frequently impersonate a known brand or entity in an attempt to steal a user’s email credentials. The email may appear to be from an internal department such as human resources, from a government agency, or an impersonated automated notification. These attacks often contain malicious links that redirect users to a credential harvesting site controlled by the attackers. Once the user inputs their credentials, the attackers are able to immediately gain access to their accounts. This access can be used to send additional phishing attacks from the compromised account, or the attacker may choose to lurk inside the user’s inbox, observing privileged company communications until they are ready to act.

Amidst this onslaught of credential phishing are targeted attacks known as Spear Phishing. These attacks are similar to other attempts at credential theft, but are crafted for a single individual or small group of people. They are frequently highly sophisticated and difficult to spot. The risk inherent in this increase in credential phishing is then two-fold—first, that more credentials may be lost due to the sheer volume of inbound attacks, and second, that this volume will lead to employee overconfidence in their ability to spot an attack.

Organizations and employees should be vigilant for these attacks, and take the necessary precautionary measures, including:

  • Double-check the senders and addresses to ensure that they're coming from legitimate sources. Don't trust the display name.
  • Always double-check a website’s URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails, which is done by traditional email security solutions. If the URL looks suspicious, don't enter your credentials and always verify with your company's IT department.

Interested in learning more about how Abnormal stops credential phishing attacks from hitting your organization? Request a demo today.

Blog door arches
When Abnormal Security was founded, our engineering and data science teams were focused on solving the toughest—and most expensive—email security problem for enterprises: business email compromise, or BEC. Fast-forward to today and Abnormal serves some of the largest enterprises...
Read More
Blog black twirl building
As bitcoin and other cryptocurrencies become increasingly popular, attackers are taking advantage. This attack leverages bitcoin to fool early adopters of cryptocurrency with BTC Era into paying for what they believe is an investment, but is really a guise...
Read More

Related Posts

Blog hiring cybersecurity leaders
As with every equation, there are always two sides and while it can be easy to blame users when they fall victim to scams and attacks, we also need to examine how we build and staff security teams.
Read More
Cover automated ato
With an increase in threat actor attention toward compromising accounts, Abnormal is focused on protecting our customers from this potentially high-profile threat. We are pleased to announce that our new Automated Account Takeover (ATO) Remediation functionality is available.
Read More
Email spoofing cover
Email spoofing is a common form of phishing attack designed to make the recipient believe that the message originates from a trusted source. A spoofed email is more than just a nuisance—it’s a malicious communication that poses a significant security threat.
Read More
Cover cybersecurity month kickoff
It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end...
Read More
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More
Account takeover cover
Account takeovers are one of the biggest threats facing organizations of all sizes. They happen when cybercriminals gain legitimate login credentials and then use those credentials to send more attacks, acting like the person...
Read More
Blog podcast green cover
Many companies aspire to be customer-centric, but few find a way to operationalize customer-centricity into their team’s culture. As a 3x SaaS startup founder, most recently at Orum, and a veteran of Facebook and Palantir, Ayush Sood...
Read More
Blog attack atlassian cover
Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...
Read More
Blog podcast purple cover
Working at hyper-growth startups usually means that unreasonable expectations will be thrust on individuals and teams. Demanding timelines, goals, and expectations can lead to high pressure, stress, accountability, and ultimately, extraordinary growth and achievements.
Read More
Blog yellow skyline
No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.
Read More
Blog rising building
There is little doubt that business email compromise and other advanced email threats are causing significant damage–both financial and reputational—to organizations worldwide. Because these never-before-seen attacks contain few indicators of compromise, they evade secure email gateways and other traditional email infrastructure...
Read More
Blog purple person outline
Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...
Read More