Beware of New Credential Phishing Attacks

Phishing: Avoiding the hook

A client of ours recently fell prey to what is called a Credential Phishing Attack.   In this version,  cyber criminals impersonate commonly known web services like Microsoft Outlook, Google Docs and DocuSign, in an attempt to trick you into providing your credentials.  You are invited to click on a link which takes you to a false sign-in page where you, the unsuspecting victim,  proceed to enter your username and password.  All seems normal.

What happens next is that the attackers will use your stolen credentials to log into your Office 365 or other email account.  From here, they will then initiate more spear phishing attacks, with emails appearing to come from you, sent to other employees or perhaps external partners.  These emails will typically attempt to entice those recipients to make a money transfer to a fraudulent account or to click on a link which may launch a ransomware attack or deliver some other form of malicious software.

Traditional email security fails to detect this attack

This type of credential phishing attack is unfortunately not detected by existing email security solutions because:

  • The links used are typically unique to each recipient and used only once. They never appear on any security blacklists.
  • Often the links included in these emails connect to legitimate web sites, however, the attacker has added a fake sign-in page to the site. The domain will otherwise appear legitimate.
  • Technologies designed to protect against unsafe links will not block these ones, since the link itself only takes one to a sign-in page. No malicious content is delivered to you at this point.  Only once you enter your credentials on this page, will the attack begin.

BSC Solutions Group offers ongoing security awareness testing and training to keep your staff on their toes.  Staying educated on what to watch for and the latest techniques being employed by attackers is your best defense.