
Compromising Email Accounts with Credential Phishing

Credential phishing is a type of phishing in which attackers try to obtain the credentials of an account. This is generally done with a fake login interface, but there are other techniques as well (e.g., a keylogger). Attackers create a login web page that imitates an original web page. The victim assumes that the page he/she sees is the original one and therefore enters the account credentials into it. However, the credentials go to the attacker instead of the original server. The attacker steals the credentials and uses them to gain access to the victim’s account.

Attackers do not only target individuals. They might have bigger goals, and companies are also in their scope. These kinds of attacks are called BEC (Business Email Compromise). Email accounts are part of the attack surface. C-suite members especially should be well protected from email attacks, since they have the most critical data.

With this information, an attacker can randomly select employees of a specific company to compromise the company’s email accounts (remember BEC), or pick a specific target whose email address the attacker does not know.


Cyber Threat Intelligence Team