Credential Phishing Attack Volume is Comparable to Spam

The median number of credential phishing attacks received by organizations increased 25% in July over the previous month, continuing a trend of rising phishing attacks. Credential phishing is the second most common attack type behind spam. Since February, the volume...
August 26, 2020

In July 2020, credential phishing attacks reached a six-month high, with numbers that rival spam volume.

The median number of credential phishing attacks received by organizations increased 25% in July over the previous month, continuing a trend of rising phishing attacks. Credential phishing is the second most common attack type behind spam. Since February, the volume of credential phishing attacks received by organizations has been about ⅔ the volume of spam received, and because credential phishing attacks have become so common, it’s easy to underestimate their potential impact.

Spam, which is unsolicited and unwanted bulk email, can cost organizations by wasting valuable employee time and crowding their inboxes. Credential phishing, however, can cause significantly more damage.

In a credential phishing attack, perpetrators frequently impersonate a known brand or entity in an attempt to steal a user’s email credentials. The email may appear to be from an internal department such as human resources, from a government agency, or an impersonated automated notification. These attacks often contain malicious links that redirect users to a credential harvesting site controlled by the attackers. Once the user inputs their credentials, the attackers are able to immediately gain access to their accounts. This access can be used to send additional phishing attacks from the compromised account, or the attacker may choose to lurk inside the user’s inbox, observing privileged company communications until they are ready to act.

Amidst this onslaught of credential phishing are targeted attacks known as Spear Phishing. These attacks are similar to other attempts at credential theft, but are crafted for a single individual or small group of people. They are frequently highly sophisticated and difficult to spot. The risk inherent in this increase in credential phishing is then two-fold—first, that more credentials may be lost due to the sheer volume of inbound attacks, and second, that this volume will lead to employee overconfidence in their ability to spot an attack.

Organizations and employees should be vigilant for these attacks, and take the necessary precautionary measures, including:

  • Double-check the senders and addresses to ensure that they're coming from legitimate sources. Don't trust the display name.
  • Always double-check a website’s URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails, which is done by traditional email security solutions. If the URL looks suspicious, don't enter your credentials and always verify with your company's IT department.

Interested in learning more about how Abnormal stops credential phishing attacks from hitting your organization? Request a demo today.

Credential Phishing Attack Volume is Comparable to Spam

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 Knowledge Base People Base L1 R1
Discover how Abnormal uses contextual, behavioral data to uncover anomalous activity across logins and devices with PeopleBase.
Read More
ABN B 12 2 22 Expanding our partnership L1 R2
Our partnership with Microsoft has created plenty of opportunities to celebrate. Here are some of the especially exciting moments from 2022.
Read More
B 1500x1500 5 key takeaways L1 R1
Ed Amoroso discusses the biggest security risks with cloud email and how to prevent them.
Read More
B Threat Intel Phishing Attacks HR Policies
Threat actors are capitalizing on the new year, posing as human resources officials to send credential phishing attacks.
Read More
ESG Blog
ESG’s technical validation proves the risk reduction capabilities of Abnormal Cloud Email Security.
Read More
CFO Cover
Industry-leading CFO Sam Wolff discusses spending on security technology in the current macroeconomic conditions.
Read More