Credentials threats and how to spot them

What are Credentials?

Credentials refers to your user ID, passwords, PIN or similar data used to verify the authenticity of your accounts.

‍

Why do I need to care?

Once compromised, credentials provide access to various accounts of the victim, such as email, social media or financial accounts. And hackers can misuse these accounts to transfer money, shop, send spam emails, steal confidential data or even demand ransoms for account access.

‍

This is how Credential Phishing works:

‍

1. Recognisance: The process begins with hackers identifying and researching potential targets. They scout social media and online platforms to collect details about individuals, which will help them to create persuasive phishing emails.    
2. Crafting the email: Using gathered information, attackers send fake emails resembling real corporate messages with malicious links or attachments designed to evade security measures.
3. Luring the victim: These emails contain deceptive links leading to fake websites that LOOKS real, so-called Phishing Websites. The victim is tricked into entering their login details, thinking they’re on a genuine site.
4. Gaining access: After victims enter their details, attackers gain access to their accounts, steal data and mig even target others with phishing attacks.

‍

An example from real life:

In 2023, a fake website cam led to approximately 1 million dollars being stolen from at least 460 postal workers. The scheme involved a website that mirrored the official payroll system, tricking employees into providing their usernames and passwords.

‍

How to spot Phishing Emails:

1. Check The sender's address for the official company domain; anything else might be a scam.
2. Be cautious of urgent subject lines like ”immediate passwords check required”
3. Analyze the email's content. Phishing emails urge the reader to click a link or download a file. Does the URL look legit? If not, do not click.
4. Always double-check email sources and be skeptical of any requests for personal information.
5. If in doubt, access sites directly through your browser or app rather than clicking links in emails or text messages

‍