#WeekendWisdom 091 Phishing for Credentials
Welcome to #WeekendWisdom number 91. This week we’re going to talk about phishing for credentials.
This sounds familiar
I covered something pretty similar back in #WeekendWisdom number 42, which was about Consent Phishing.
But credential phishing is where the criminals try to get you to give up your login ID, usually your email address, and your password. Later on they can compromise your email account, or perhaps log into your office systems to execute a ransomware attack.
How do they carry out phishing for credentials?
The methods they use are varied, but a very sneaky one they typically use is to send an email containing an actual SharePoint link, or it could be a Google Drive link. People are very familiar with SharePoint links and Google Drive links. They are usually fairly safe to click because these are things that people deal with on a day-to-day basis. They’re not some crazy dodgy site that you are being linked to. It’s something you’re familiar with.
When you click on the link, it will say “Oh. You need to sign into your Microsoft account” or “… your Google account to be able to get into this document.” That’s where they catch you. They pop up a login page and you give up your user ID and password in there. Now they have it.
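Because the first link in the email is a genuine SharePoint or Google Drive link, the place to check is the address of the page that asks for the password. The sketch below is an added example, not something from the original post; the list of sign-in hosts and every sample URL in it are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sign-in hosts for the two providers named in the post.
# Add your own organisation's identity provider hosts as needed.
TRUSTED_SIGN_IN_HOSTS = {
    "Microsoft": {"login.microsoftonline.com", "login.live.com"},
    "Google": {"accounts.google.com"},
}

def check_sign_in_url(url):
    """Return (verdict, reason) for the address of a page asking for a password."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "suspicious", "sign-in page is not served over https"
    if parts.username is not None or parts.password is not None:
        return "suspicious", "text before '@' is not the host that serves the page"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return "suspicious", "no host in the URL"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised host can imitate a familiar name"
    for provider, hosts in TRUSTED_SIGN_IN_HOSTS.items():
        if host in hosts:
            return "trusted", f"exact match for a {provider} sign-in host"
    # A trusted name used as a prefix or fragment of another domain is a lookalike.
    for hosts in TRUSTED_SIGN_IN_HOSTS.values():
        for good in hosts:
            if good in host:
                return "suspicious", f"{good} appears in the name, but the page is on {host}"
    return "suspicious", f"{host} is not a known sign-in host"

# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.files-share.example/signin",
    "https://accounts.google.com@docs-view.example/login",
    "http://accounts.google.com/",
    "https://sharepoint-docs.example/login.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reason = check_sign_in_url(url)
        print(f"{verdict:10} {url}\n           {reason}")
```

Only an exact host match counts as trusted, so a familiar name appearing somewhere inside a longer address is reported as suspicious.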
How can you protect yourself from this?
So it’s really important that you implement something like multi-factor authentication to get an additional layer of protection against these sorts of attacks.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.