Back to Blog

Don’t Forget Credential Phish (Attackers Won’t)

April 14, 2020

By: mirabiliscorp

Most of the top scenarios in the chart above mimic click-only phish, designed to lure users to click on embedded links. A much lower percentage of scenarios ask users to enter credentials like their network passwords, a telltale sign of credential phishing.

74% of Real Phish Are Credential Phish

But Credential Phish Are Only 17.2% of Simulations


During the first half of 2019, three out of four phish we saw in customers’ environments were credential phish. With stolen user names and passwords, a threat actor has access to a corporate network and can pass for a legitimate user. It’s one more reason to condition users to report the types of phishing your organization sees the most—real phish, not random possibilities.

A key part of our program is training our users to identify and react appropriately to real-world phishing attacks…We work in critical infrastructure and see nation-state attacks left and right. We can’t rely on government to be our first line of defense, so our employees have to provide that.”

Cyber-Program Director, Multinational Utility

Source: Cofense

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.