Credential Phishing Attack Volume is Comparable to Spam - Abnormal Security

Credential Phishing Attack Volume is Comparable to Spam

This is our second installment of a monthly series to surface trends in email attacks. Our installment this month discusses trends we observed in July.

In July, Credential Phishing attacks reached a six month high, with numbers that rival Spam volume.

Median Monthly Phishing Attacks Received by Orgnaizations

The median number of Credential Phishing attacks received by organizations increased 25% in July over the previous month, continuing a trend of rising phishing attacks. Credential Phishing is the second most common attack type behind Spam. Since February, the volume of Credential Phishing attacks received by organizations has been about ⅔ the volume of Spam received.  Because Credential Phishing attacks have become so common, it’s easy to underestimate their potential impact. Spam, which is unsolicited and unwanted bulk email, can cost organizations by wasting valuable employee time and crowding their inboxes. Credential Phishing, however, can cause significantly more damage. 

In a Credential Phishing attack, perpetrators frequently impersonate a known brand or entity in an attempt to steal a user’s email credentials. The email may appear to be from an internal department such as HR, from a government agency or to be an automated notification. These attacks often contain malicious links which redirect users to a credential harvesting site controlled by the attackers. Once the user gives up their credentials, the attackers are able to immediately gain access to their accounts. This access can be used to send additional phishing attacks from the compromised account, or the attacker may choose to lurk inside the user’s inbox, observing privileged company communications until such time as they are ready to act. 

Amidst this onslaught of Credential Phishing are targeted attacks known as Spear Phishing.  These attacks are similar to other attempts at credential theft, but are crafted for a single individual or small group of people. They are frequently highly sophisticated and difficult to spot.  The risk inherent in this increase in Credential Phishing is then two-fold: first, that more credentials may be lost due to the sheer volume of inbound attacks, and second, that this volume will lead to employee overconfidence in their ability to spot an attack. 

Organizations and employees should be vigilant for these attacks, and take the necessary precautionary measures: 

  • Double check the senders and addresses for messages to ensure that they’re coming from legitimate sources. Don’t just trust the display name. 
  • Always double check a website’s URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails by traditional email security solutions. If the URL looks suspicious, don’t enter your credentials and always verify with your company’s IT department.

Related content