Phishing and Malware Attacks Most Common Techniques for Credential Theft

By |2020-09-24T20:40:04+00:00September 24th, 2020|

Every day we use our personal information for access to online accounts, smart devices and other resources. This happens so frequently that the sensitivity of credential information can be taken for granted. A recent study by password management company LastPass found that a staggering 61 percent of business users reuse the same passwords for multiple accounts. Given that private information acts as the main line of defense for accounts and other personal information, obtaining compromised credentials can be a profitable endeavor for hackers.

The most common techniques for credential theft are phishing at 67%, followed by malware at 33%, according to NTT Security, an IT service management company. In most cases, a combination of the two are used as phishing-related attacks remain the most popular method of delivering malware to end-user systems.

What is phishing and malware?

Phishing-related attacks involve an attempt to direct the user to a fake site designed by an attacker to resemble a trusted website. As an example, a fake PayPal email may urge you to update your information because of suspicious activity, only to steal your login credentials. Or an attacker may try sending an email impersonating a company executive, requesting funds to be transferred to a particular account.

These types of phishing attacks exist across all industries. They’re given the same level of detail and research that you would expect to find in any organization’s workflow. Often, phishing attacks target the credentials of a specific employee in order to carry out a series of larger attacks that target other companies within the same supply chain or network.

Phishing attacks can be used in combination with malware attacks that include malicious software, such as viruses, ransomware and spyware, that aim to harm or exploit a device or network.

How can you protect yourself?

While cyberattackers do their best to make a phishing attack look authentic, there are some tell-tale signs for many phishing emails. Here are some of those red flags:

1. Grammatical Errors

A business or other organization does not commonly send out communications to customers that have spelling errors or poor grammar. This can be one of the first signs that an email is a phishing attempt.

Requesting Personal Information Already On File

A business or other organization that stores your personal information already has just that. The company does not send out an email asking for your login information, account number, birth date or any other personal information. They already have it on file.

2. Time-Sensitive Requests

An email that asks you to respond immediately, especially one that threatens a negative action such as closing your account, can be the sign of a phishing attempt. The attacker’s goal is to make you act quickly without thinking.

3. Suspicious Email Address

When receiving an unexpected email from a company or individual that requests personal information, make sure to check the sender’s email address. An attacker can try to make an email look authentic by sending it from a similar address. Cybercriminals can also transpose two letters in common email addresses in order to scam an unsuspecting victim.

If you receive an email with one of these red flags, do not follow its instructions, click its links, or download its attachments. You can, instead, track down the company contact information on its official website and call or email to inquire about the message’s authenticity.