In July 2020, credential phishing attacks reached a six-month high, with numbers that rival spam volume.
The median number of credential phishing attacks received by organizations increased 25% in July over the previous month, continuing a trend of rising phishing attacks. Credential phishing is the second most common attack type behind spam. Since February, the volume of credential phishing attacks received by organizations has been about ⅔ the volume of spam received, and because credential phishing attacks have become so common, it’s easy to underestimate their potential impact.
Spam, which is unsolicited and unwanted bulk email, can cost organizations by wasting valuable employee time and crowding their inboxes. Credential phishing, however, can cause significantly more damage.
In a credential phishing attack, perpetrators frequently impersonate a known brand or entity in an attempt to steal a user’s email credentials. The email may appear to be from an internal department such as human resources, from a government agency, or an impersonated automated notification. These attacks often contain malicious links that redirect users to a credential harvesting site controlled by the attackers. Once the user inputs their credentials, the attackers are able to immediately gain access to their accounts. This access can be used to send additional phishing attacks from the compromised account, or the attacker may choose to lurk inside the user’s inbox, observing privileged company communications until they are ready to act.
Amidst this onslaught of credential phishing are targeted attacks known as Spear Phishing. These attacks are similar to other attempts at credential theft, but are crafted for a single individual or small group of people. They are frequently highly sophisticated and difficult to spot. The risk inherent in this increase in credential phishing is then two-fold—first, that more credentials may be lost due to the sheer volume of inbound attacks, and second, that this volume will lead to employee overconfidence in their ability to spot an attack.
Organizations and employees should be vigilant for these attacks, and take the necessary precautionary measures, including:
- Double-check the senders and addresses to ensure that they're coming from legitimate sources. Don't trust the display name.
- Always double-check a website’s URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails, which is done by traditional email security solutions. If the URL looks suspicious, don't enter your credentials and always verify with your company's IT department.
Interested in learning more about how Abnormal stops credential phishing attacks from hitting your organization? Request a demo today.