Credential Phishing – Easy Steps to Stymie Hackers

Phishing attacks have become a common factor in our daily routines for businesses and in our personal lives. There are many different types of phishing attacks, each of which requires a slightly different defense while having some commonalities as well. This article covers a specific type of attack called credential phishing and ways to protect against it. While you may have heard of this type of attack, many people do not fully understand the different types of credential phishing, their goals, and how to defend against them. Time to remedy that!

Types of Credential Phishing Attacks

Generally speaking, most credential phishing attacks have a common, obvious purpose – to gather credentials from an individual. However, what attackers do with that information and the creativity used in the attack can vary greatly. In some cases, the credentials can be used to gain access to systems or network resources, while in others they can be used to take over bank accounts, social media accounts or email accounts. In any of these cases, the damage the attacker can do can be harmful to the organization or individual, both reputationally and financially.

A couple of months ago, I spent some time in Washington, DC, where I was honored to speak to members of several different House Subcommittees ranging from those focused on financial crimes and terrorism to consumer protection and intelligence services. After one of the briefings, I spent some time speaking with a member of the U.S. Secret Service. He told me a story about a case he just finished working. Sadly, this was a scenario that I already knew too well through others impacted by the same scenario.

In this case, the attacker was able to gain access to an individual’s email account through a credential phishing email. This victim worked (Read more...)