How credential phishing attacks threaten a host of industries and organizations – TechRepublic

The first half of 2022 saw a 48% increase in email attacks from the previous six months, with almost 70% of them containing a credential phishing link, says Abnormal Security.
Credential phishing campaigns have grown not just in number but in sophistication. By using elaborate tactics, successful cybercriminals can impersonate well-known companies and brands to harvest sensitive account credentials from unsuspecting victims. A report released Thursday by email security provider Abnormal Security looks at the latest wave of credential phishing attacks and offers advice on how to stop them.
General phishing emails are often a prelude to credential phishing attacks that attempt to compromise an employee’s account. Once an attacker has access to an internal account through the stolen credentials, they can launch more dangerous and devastating attacks against entire networks.
For the first half of 2022, email attacks against organizations rose by 48%, according to the report. Out of all those attacks, 68% were credential phishing attempts that contained a link designed to steal sensitive account information. Over the same period, 265 different brands were spoofed in phishing emails.
Social networks, Microsoft products, and e-commerce and shipping providers were the most popular ones to impersonate, accounting for 70% of all the spoofed brands. Among the more than 425,000 credential phishing attacks in which a brand was impersonated during this time, 32% of them involved a social network, with LinkedIn at the top of the list.
LinkedIn is a tempting target to spoof because the networking site often sends out emails with updates about your profile, your job search results and other topics. Since LinkedIn users are comfortable receiving emails, cybercriminals can more easily send out messages with links to phishing sites.
Microsoft was the second most spoofed brand during the first half of 2022 with such products as Microsoft 365, Outlook and OneDrive popping up in phishing messages. Microsoft is a popular target because it provides so many different products and services and is used by businesses and individuals alike. Once a Microsoft-related account is compromised, the attacker can use those credentials to impersonate actual employees, launch other email attacks, hijack email conversations and request fund transfers.
Tied for third place in phishing attacks were shipping services and e-commerce platforms, accounting for 16% of credential phishing messages. With the onset of the COVID-19 pandemic, online shopping grew by more than 50% between 2019 and 2021, making companies such as Amazon popular brands for criminals to spoof when trying to steal sensitive credentials.
No industry is immune to a credential phishing campaign. The attacks analyzed by Abnormal Security were sent to an array of organizations, including those in advertising, agriculture, construction, energy, finance, government, media, medicine, real estate, retail, sports, technology and transportation. Though the tactics used against different industries may be similar, the brands spoofed often differ.
Emails spoofing Microsoft showed up in more than half of the phishing messages received by professional sports teams and in almost half of the messages received by agricultural companies. But social networks were the most popular brands in attacks against government agencies, educational and religious organizations and entertainment companies. Emails spoofing LinkedIn, Facebook, Instagram and Twitter were seen in more than half of the attacks against these industries.
“While security awareness training remains an important tool in the cybersecurity toolbelt, the best way to prevent your workforce from falling victim to these increasingly sophisticated attacks is to stop them before they reach employees,” Abnormal Security said in its report.
“Being proactive about protection and taking advantage of innovative technologies are key to reducing your organization’s risk,” the report added. “There is little denying that email attacks will continue to increase in both volume and severity, but they can be stopped with the right solution—one that uses a behavioral AI-based approach and evaluates identity, context, and content to establish a known good baseline. By understanding what is normal within the organization, the right cloud email solution can block any messages that deviate from it.”