Credential phishing campaigns have grown not just in number but in sophistication. By using elaborate tactics, successful cybercriminals can impersonate well-known companies and brands to harvest sensitive account credentials from unsuspecting victims. A report released Thursday by email security provider Abnormal Security looks at the latest wave of credential phishing attacks and offers advice on how to stop them.
What is a credential phishing attack?
General phishing emails are often a prelude to credential phishing attacks that attempt to compromise an employee’s account. Once an attacker has access to an internal account through the stolen credentials, they can launch more dangerous and devastating attacks against entire networks.
For the first half of 2022, email attacks against organizations rose by 48%, according to the report. Out of all those attacks, 68% were credential phishing attempts that contained a link designed to steal sensitive account information. Over the same time, 265 different brands were spoofed in phishing emails.
Brands most likely to be spoofed in a phishing attack
Social networks, Microsoft products, and e-commerce and shipping providers were the most popular ones to impersonate, accounting for 70% of all the spoofed brands. Among the more than 425,000 credential phishing attacks in which a brand was impersonated during this time, 32% of them involved a social network, with LinkedIn at the top of the list.
LinkedIn is a tempting target to spoof because the networking site often sends out emails with updates about your profile, your job search results and other topics. Since LinkedIn users are comfortable receiving emails, cybercriminals can more easily send out messages with links to phishing sites.
Microsoft was the second most spoofed brand during the first half of 2022 with such products as Microsoft 365, Outlook and OneDrive popping up in phishing messages. Microsoft is a popular target because it provides so many different products and services and is used by businesses and individuals alike. Once a Microsoft-related account is compromised, the attacker can use those credentials to impersonate actual employees, launch other email attacks, hijack email conversations and request fund transfers.
Tied for third place in phishing attacks were shipping services and e-commerce platforms, accounting for 16% of credential phishing messages. With the onset of the COVID-19 pandemic, online shopping grew by more than 50% between 2019 and 2021, making companies such as Amazon popular spoofing targets for criminals looking to steal sensitive credentials.
No industry is immune to a credential phishing campaign. The attacks analyzed by Abnormal Security were sent to an array of organizations, including those in advertising, agriculture, construction, energy, finance, government, media, medicine, real estate, retail, sports, technology and transportation. Though the tactics used against different industries may be similar, the brands spoofed often differ.
Emails spoofing Microsoft showed up in more than half of the phishing messages received by professional sports teams and in almost half of the messages received by agricultural companies. But social networks were the most popular brands in attacks against government agencies, educational and religious organizations and entertainment companies. Emails spoofing LinkedIn, Facebook, Instagram and Twitter were seen in more than half of the attacks against these industries.
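As an added illustration (not from the report or this article), here is a small Python heuristic for the brand-spoofing pattern described above: it flags a message whose display name, subject or body invokes one of the report's most-spoofed brands while the sender domain or the link targets fall outside that brand's own domains. The brand-to-domain mapping and both sample messages are constructed for this example and are not authoritative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed mapping (illustrative, not authoritative) from brands the report
# names as most spoofed to the domains they legitimately send from or link to.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com", "office.com", "outlook.com"},
    "amazon": {"amazon.com"},
}
HREF_RE = re.compile(r'href=["\']?(https?://[^"\'\s>]+)', re.IGNORECASE)

def registered_domain(host):
    """Reduce a hostname to its last two labels (adequate for .com brands)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_in(text):
    """Return the first listed brand mentioned in text, or None."""
    return next((b for b in BRAND_DOMAINS if b in text.lower()), None)

def spoofed_brand_findings(raw_email):
    """List mismatches: brand invoked, but sender or link hosts are off-brand."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload(decode=True).decode(errors="replace")
    brand = brand_in(display) or brand_in(msg.get("Subject", "")) or brand_in(body)
    if brand is None:
        return []
    allowed, findings = BRAND_DOMAINS[brand], []
    sender_host = addr.rpartition("@")[2]
    if sender_host and registered_domain(sender_host) not in allowed:
        findings.append(f"{brand} branding but sender domain {sender_host}")
    for url in HREF_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registered_domain(host) not in allowed:
            findings.append(f"link to {host} outside {brand} domains")
    return findings

# Constructed sample: LinkedIn branding, but sender and link are off-brand.
SPOOFED = """From: LinkedIn Notifications <alerts@linkedin-security-update.example>
Subject: You appeared in 9 searches this week

<a href="https://signin-linkedin.example/login">See who viewed your profile</a>
"""
# Constructed sample: same lure, but sender and link stay on the brand's domain.
LEGIT = """From: LinkedIn <messages-noreply@linkedin.com>

<a href="https://www.linkedin.com/notifications">See who viewed your profile</a>
"""
```

Running `spoofed_brand_findings` on the two samples returns two findings for the spoofed message and none for the on-brand one; in practice the domain list would come from a maintained brand allowlist and the check would sit beside authentication results such as SPF and DKIM.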
How to protect your organization against credential phishing attacks
“While security awareness training remains an important tool in the cybersecurity toolbelt, the best way to prevent your workforce from falling victim to these increasingly sophisticated attacks is to stop them before they reach employees,” Abnormal Security said in its report.
“Being proactive about protection and taking advantage of innovative technologies are key to reducing your organization’s risk,” the report added. “There is little denying that email attacks will continue to increase in both volume and severity, but they can be stopped with the right solution—one that uses a behavioral AI-based approach and evaluates identity, context, and content to establish a known good baseline. By understanding what is normal within the organization, the right cloud email solution can block any messages that deviate from it.”