Credential Phishing
Attackers frequently try to steal employees’ credentials so they can access customer information, employee data, and finances.
Emails in credential phishing scams are designed to create a false sense of trust. The email links direct you to a malicious site imitating a real login page to steal your information.
They often appeal to your emotions with narratives like account access suspended, payment transfer complete, or outstanding balance. Other phishing emails may look like normal, routine correspondence.
Phishers imitate company email addresses, signatures, and logos. Even if an email looks like it is from a legitimate company, you still need to exercise caution.
Who is Targeted?
Never enter login credentials or other sensitive information into an unverified website, even if the site looks legitimate. If the layout or images look strange, you might have landed on a fake copy of a real site. Look out for old logos, broken images, and stretched or fuzzy images.
Remember, just because a site uses HTTPS or has a green padlock, it doesn’t guarantee the site is safe. Attackers can easily obtain free SSL certificates that give their phishing websites an air of legitimacy.
Keep your usernames, passwords, and security questions and answers private. Always verify that you are on an official website before you provide your credentials. Report any suspicious messages.