Back to Blog

Don’t Forget Credential Phish (Attackers Won’t)

April 14, 2020

By: mirabiliscorp

Most of the top scenarios in the chart above mimic click-only phish, designed to lure users to click on embedded links. A much lower percentage of scenarios ask users to enter credentials like their network passwords, a telltale sign of credential phishing.

74% of Real Phish Are Credential Phish

But Credential Phish Are Only 17.2% of Simulations

During the first half of 2019, three out of four phish we saw in customers’ environments were credential phish. With stolen user names and passwords, a threat actor has access to a corporate network and can pass for a legitimate user. It’s one more reason to condition users to report the types of phishing your organization sees the most—real phish, not random possibilities.

A key part of our program is training our users to identify and react appropriately to real-world phishing attacks…We work in critical infrastructure and see nation-state attacks left and right. We can’t rely on government to be our first line of defense, so our employees have to provide that.”

Cyber-Program Director, Multinational Utility

Source: Cofense

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.