Beware of New Credential Phishing Attacks

Phishing: Avoiding the hook

A client of ours recently fell prey to what is called a credential phishing attack. In this version, cyber criminals impersonate commonly known web services like Microsoft Outlook, Google Docs and DocuSign in an attempt to trick you into providing your credentials. You are invited to click on a link which takes you to a false sign-in page where you, the unsuspecting victim, proceed to enter your username and password. All seems normal.

What happens next is that the attackers use your stolen credentials to log into your Office 365 or other email account. From there, they initiate more spear phishing attacks, with emails appearing to come from you, sent to other employees or perhaps external partners. These emails will typically attempt to entice those recipients to make a money transfer to a fraudulent account or to click on a link which may launch a ransomware attack or deliver some other form of malicious software.

Traditional email security fails to detect this attack

This type of credential phishing attack is unfortunately not detected by existing email security solutions because:

  • The links used are typically unique to each recipient and used only once. They never appear on any security blacklists.

  • Often the links included in these emails connect to legitimate web sites; however, the attacker has added a fake sign-in page to the site. The domain will otherwise appear legitimate.

  • Technologies designed to protect against unsafe links will not block these links, since the link itself only takes you to a sign-in page. No malicious content is delivered to you at this point. Only once you enter your credentials on this page does the attack begin.
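To make the first two points concrete for defenders, here is an added example (not part of the original article) that contrasts an exact-match blacklist lookup with a simple check of what the landing page actually asks for. The URLs, the brand-to-host table and the sample page are constructed assumptions, and the content check is one illustrative heuristic, not a complete filter.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: none of these URLs or hosts come from the article.
BLOCKLIST = {"https://shop.example/wp-content/docs/signin.html?u=1b20de"}
BRAND_HOSTS = {  # assumed hosts of each brand's genuine sign-in page
    "outlook": {"login.microsoftonline.com"},
    "docusign": {"account.docusign.com"},
}

class FormScan(HTMLParser):
    """Collects page text and notes whether the page has a password field."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True

    def handle_data(self, data):
        self.text.append(data.lower())

def blocklist_hit(url):
    """Exact-match lookup: the check a per-recipient, one-time link defeats."""
    return url in BLOCKLIST

def impersonated_brand(url, html):
    """Return the brand named on a password form served from a host that is not its own."""
    scan = FormScan()
    scan.feed(html)
    if not scan.has_password:
        return None
    host = (urlsplit(url).hostname or "").lower()
    page = " ".join(scan.text)
    for brand, hosts in BRAND_HOSTS.items():
        if re.search(rf"\b{brand}\b", page) and host not in hosts:
            return brand
    return None

# Constructed case: a fake sign-in page added to an otherwise legitimate site,
# reached through a link whose token differs from the one already blacklisted.
URL = "https://shop.example/wp-content/docs/signin.html?u=7f3a9c"
PAGE = """<html><title>Sign in to Outlook</title><body>
<form method="post"><input type="email" name="user">
<input type="PASSWORD" name="pass"><button>Sign in</button></form></body></html>"""
```

Here `blocklist_hit(URL)` is false because the token in the link is new, while `impersonated_brand(URL, PAGE)` returns `"outlook"` because a password form naming that brand is served from an unrelated host.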

BSC Solutions Group offers ongoing security awareness testing and training to keep your staff on their toes.  Staying educated on what to watch for and the latest techniques being employed by attackers is your best defense.  

February 09, 2018 4:19:22 PM

Bill Boisvenue
