How credential phishing attacks threaten a host of industries and organizations


The first half of 2022 saw a 48% increase in email attacks over the previous six months, nearly 70% of which contained a credential phishing link, according to Abnormal Security.

Image: Adobe Stock

Credential phishing campaigns have grown not only in number, but also in sophistication. Using elaborate tactics, successful cybercriminals can impersonate well-known companies and brands to harvest sensitive account credentials from unsuspecting victims. A report released Thursday by email security provider Abnormal Security examines the latest wave of credential phishing attacks and offers tips for stopping them.

What is a credential phishing attack?

General phishing emails are often a prelude to credential phishing attacks that attempt to compromise an employee’s account. Once an attacker gains access to an internal account via the stolen credentials, they can launch more dangerous and devastating attacks against entire networks.

For the first half of 2022, email attacks against organizations increased by 48%, according to the report. Of all these attacks, 68% were credential phishing attempts that contained a link designed to steal sensitive account information. During the same period, 265 different brands were impersonated in phishing emails.

SEE: Mobile Device Security Policy (TechRepublic Premium)

Brands most likely to be impersonated in a phishing attack

A credential phishing email impersonating LinkedIn.
A credential phishing email impersonating LinkedIn. Image: Abnormal Security

Social media, Microsoft products, and e-commerce and shipping providers were the most popular to impersonate, accounting for 70% of all impersonated brands. Of the more than 425,000 credential phishing attacks in which a brand was impersonated during this period, 32% of them involved a social network, with LinkedIn topping the list.

LinkedIn is a tempting target to spoof because the networking site often sends out emails with updates on your profile, job search results, and other topics. Since LinkedIn users are comfortable receiving emails, cybercriminals can more easily send messages containing links to phishing sites.

Microsoft was the second most spoofed brand in the first half of 2022 with products such as Microsoft 365, Outlook and OneDrive appearing in phishing messages. Microsoft is a popular target because it provides many different products and services and is used by businesses and individuals. Once a Microsoft-linked account is compromised, the attacker can use those credentials to impersonate real employees, launch other email attacks, hijack email conversations, and demand fund transfers.

Tied for third place in phishing attacks, shipping services and e-commerce platforms account for 16% of credential phishing messages. At the start of the COVID-19 pandemic, online purchases increased by more than 50% between 2019 and 2021, making companies such as Amazon popular targets for spoofing by criminals looking to steal credentials sensitive.

No industry is immune to a credential phishing campaign. The attacks analyzed by Abnormal Security were sent to a range of organizations, including those in advertising, agriculture, construction, energy, finance, government, media, medical, real estate, retail, sports, technology and transportation. Although the tactics used against different industries may be similar, the brands impersonated often differ.

A credential phishing email impersonating Microsoft.
A credential phishing email impersonating Microsoft. Image: Abnormal Security

Emails spoofing Microsoft appeared in more than half of phishing messages received by professional sports teams and in nearly half of messages received by agricultural companies. But social media was the most popular brand in attacks on government agencies, educational and religious organizations, and entertainment companies. Emails spoofing LinkedIn, Facebook, Instagram and Twitter were seen in more than half of attacks against these industries.

SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)

How to protect your organization against credential phishing attacks

“While security awareness training remains an important tool in the cybersecurity tool belt, the best way to prevent your staff from falling victim to these increasingly sophisticated attacks is to stop them before they happen. ‘they don’t reach employees,’ Abnormal Security said in its report.

“Being proactive in protection and taking advantage of innovative technologies is key to reducing your organization’s risk,” the report adds. “It’s undeniable that email attacks will continue to increase in both volume and severity, but they can be stopped with the right solution, one that uses an AI-based behavioral approach and assesses the identity, context and content to establish a well-known baseline. By understanding what is normal within the organization, the right cloud messaging solution can block any messages that deviate from it.”


Comments are closed.