Credential phishing prevention best practices can help your employees prevent cyber attacks that can harm your business. Information security is everyone’s job. Now, more than ever, IT teams and employees need to collaborate in order to prevent business extinction-level events.

Credential phishing prevention

A recent study indicates that breaches due to credential theft take longer to detect than any other type of breach. On average, credential theft required 250 days to identify, as compared to 212 days for a run-of-the-mill breach. In other words, credential phishing theft can take more than a month longer to detect than other breach types.

Historically, credential phishing attacks have hit individual consumers. For example, a hacker might have intended to gain access to a single individual’s bank account.

Now, credential phishing attackers are opting for higher-value opportunities, in the hopes that they could beget further opportunities. The new targets? Corporations.

Attackers who gain a foothold in corporate networks can perform an extraordinary array of attacks. Post-network breach, subsequent attacks may have a phishing focus or may pertain to ransomware, malware, spyware, or supply chain attacks.

This article discusses how to keep credentials safe – from credential phishing best practices to how exactly you can protect your business and employees.

What is Credential Phishing?

Credentials typically consist of a username or ID, a password, a PIN or a combination of the three.

Credential phishing occurs when a malicious person or group attempts to trick people into disclosing account credentials. In some cases, credentials provide access to corporate networks, as indicated earlier. In other cases, credentials may provide access to client databases, payment information or other sensitive data.

Cyber criminals sometimes steal credentials for the purpose of selling them to known third-parties or to strangers on the dark web.

How Credential Phishing works

Credential phishing attacks can be executed via a variety of different formats.

In some cases, cyber criminals surf social media sites, looking for profiles of people whose credentials will assist them in obtaining desired data. Cyber attackers may then create emails that imitate those of regular corporate communications. The emails include malicious links that redirect victims to phishing sites with login credential theft mechanisms.

Carefully crafted phishing sites commonly fool employees. These sites often have authentic-looking fonts and images. They may replicate a brand’s domain perfectly. Further, the fake website or landing page must be arranged in such a way as to deceive spam filters and other security mechanisms.

After attackers gain credentials allowing them to infiltrate a network, means of stopping attackers remain limited. Attackers can circumnavigate security measures to move laterally within a network. As they do so, they can steal any sensitive information available.

How to spot credential phishing

In contrast with malware, which relies on security vulnerabilities to operate, credential phishing represents a direct attempt to deceive people. Research indicates that 96% of phishing attacks start with an email that deliberately exploits a person’s trust.

How can you identify credential phishing attempts? Common elements of a credential phishing email:

The email header

The sender

Initially, the email may appear to be from a known sender. Someone who works in an adjacent department, or a vendor who the person is often in contact with.

The subject line

Hackers try hard to get people to open their emails. In many cases, they deploy attention-grabbing and compelling subject lines. Here are the 11 most commonly used words and phrases in the subject lines of credential phishing emails:

  • Immediate password check required
  • Billing information is out-of-date
  • Payroll has been delayed
  • Updated vacation policy
  • Office reopening schedule
  • Confidential information about COVID-19
  • Your meeting attendees are waiting!
  • Employee raises
  • Dropbox: Document shared with you
  • Attention: Unusual account activity detected
  • Earn money working from home

Would any of these subject lines fool you? If tested, you might be surprised by the results. The most effective subject lines prioritize a sense of urgency, sound important or leads a person to believe that they are engaging with someone familiar. And the lines usually work.

The body text

Text within credential phishing emails typically does two things in order to achieve maximal effectiveness:

  • It dodges spam filters
  • It convinces the recipient to click on a malicious link

In addition, the message may be personalized, addressing the recipient by name. The message may also correspond to the sender’s typical writing style, email signature and usual topics of conversation.

The malicious link

Credential phishing attacks always include a link to a fake ‘login’ page of some kind. The mechanism for capturing credentials is on this page. However, as with the rest of the email’s contents, the login page link will appear very legitimate. Key indicators of malicious links include:

– use of .net rather than .com within a URL.

– Shortened links, as done through Bitly or TinyURL, which can disguise malicious links and help them get through email spam filters.

Best practices: Credential phishing prevention

Credential phishing represents one of the most successful forms of cyber attack. Preventing 100% of credential phishing attacks is nearly impossible. However, implementing the following security protocols can help:

  • Educate yourself and your employees by providing security awareness training
  • Implement multi-factor authentication (MFA)
  • Implement and enforce strict password management policies
  • Regularly patch systems
  • Maintain backups of organizational data
  • Install strong email security software

Further, consider the principle of least privilege, where employees’ access rights are limited to what is necessary for successful job performance. This prevents hackers from inflicting large-scale damage if a lower-level employee’s credentials see compromise.

Along the same lines, segmenting a network prevents hackers from moving laterally across an organization and from gaining unfettered access to valuable data.

Credential phishing prevention

Credential phishing can prove difficult to detect. As a result, it can endanger your data, your customers’ data and your enterprise. While preventing credential phishing attempts isn’t easy, enacting measures to limit the number of attempts that reach inboxes is imperative.

  • Expand employee education and awareness initiatives. Need ideas? Here and here.
  • Tell employees about customer support scams that commonly ask for login credentials
  • Leverage superior prevention tools that can block the most sophisticated of phishing attacks.
  • Protect all of your ‘weak links’; including mobile, email and endpoint
  • Implement a tool like ThreatCloud, known for its catch rate and efficiency
  • Contact cyber security professionals who can help. Here.

More phishing prevention resources

10 top phishing best practices for 2022

Timely phishing prevention strategies for today’s stealthiest attacks

New ‘Robin Banks’ phishing service targets major financial institutions

How 52% of phishing attacks reel in sharp and savvy LinkedIn users

Is your business making these risk management mistakes?

Lastly, to receive more timely cyber security news, insights into emerging trends and cutting-edge analyses, please sign up for the newsletter.