Can an IAM solution prevent Credential Phishing

Don't get caught by yet another phishing scam.

by Kevin Harry · Oct. 08, 19 · Presentation
The most common misconception about credential phishing is that it is a people problem rather than an organizational one. As a result, organizations tend to underestimate the impact on them if even one employee falls victim to credential phishing. We suggest reviewing your entire security strategy to ensure that you are protected against phishing.

Here is everything you need to know about credential phishing attacks.


What Is Credential Phishing?

It is an attack in which users are redirected to seemingly legitimate and reputable websites that are, in fact, created by attackers. Once users enter their credentials, the attackers can steal them and use the credentials to access other accounts of the users.

These days, most of us have many accounts protected by only a few reused passwords. This makes it easy for an attacker who has phished one password to carry out a credential stuffing attack and gain access to most of your accounts. That said, most phishing attacks are still carried out to gain access to a user's bank account.

Why Organizations Should Worry

Financially motivated attacks that target organizations are also on the rise: hospitals are targeted to commit insurance fraud, "Intellectual Property" websites to sell proprietary ideas on the black market, and so on.

As an organization, this is cause for worry because employees reuse passwords from their personal accounts for their official accounts, making it easy for attackers to gain access to your network.

What’s more, if your employees use their corporate network to access personal emails, where they can be exposed to phishing links, it can pose a direct threat to your network.

With the recent bring-your-everything-to-work trend gaining popularity in workplaces, you are opening yourself to the risks posed by your employees’ personal digital behavior.

Advancements in Phishing Attacks

Traditionally, phishing attacks could be completed only when an attachment was downloaded to a user’s system. However, URL and SMS-based attacks are now gaining popularity. Here is how they work:

  1. Attackers create a legitimate-looking fake website that requires users to enter their personal information.

  2. They create an SMS with click-bait content that users are tempted to click.

  3. Once the users enter their personal information on the site they were redirected to, either their credentials are forwarded to the attacker or malware is automatically downloaded to their systems.

  4. If these attacks are carried out when your employees are using their work systems, attackers can gain easy access to your network and data.

Preventing Phishing Attacks

Phishing has always called for a layered defense that includes detection and blocking. However, with organizations moving to the cloud, the same controls might not be effective. With the rapid pace at which phishing attacks are carried out, and the sheer volume of attacks designed to target organizations, traditional methods of defense can be rendered ineffective.

Effective measures to keep phished credentials from being used against your network include strong password policies, SSO, email controls, and identity-driven security controls in general.

  • Central identity management that enforces strong authentication across your network, such as an SSO system, can make logging in easier for your users while preventing phished credentials from being used against your network.
  • Implementing MFA is another way to grant access only to those who are authorized. By adding a second factor such as a biometric to the login process, an attacker who holds only the user's password will not be able to enter your network.
  • A complementary layer of security is email filtering that does not allow your users to access their personal email while on your corporate network.
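To make the MFA point concrete, here is an added example (not from the article) that contrasts a password-only login with one that also requires a TOTP code from an authenticator app. The user record, salt, password, and shared secret are all constructed for the demo; with the phished password alone, the MFA path refuses access.

```python
import hashlib
import hmac
import struct

# Constructed demo salt and user store; passwords are stored as PBKDF2 hashes, never plaintext.
_SALT = b"constructed-demo-salt"

def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {
    "alice": {
        "pw_hash": _hash_password("Summer2019!"),  # a reused personal password, per the article
        "totp_secret": b"\x01" * 20,               # constructed secret shared with the authenticator app
    }
}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 over the time-step counter), as an authenticator app computes it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def login_password_only(user: str, password: str) -> bool:
    """The weak path: a phished password is all an attacker needs."""
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(rec["pw_hash"], _hash_password(password))

def login_with_mfa(user: str, password: str, code: str, now: int) -> bool:
    """The hardened path: the password is checked first, then a valid TOTP code is required."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw_hash"], _hash_password(password)):
        return False
    # Accept the current 30-second step and one neighbour on each side to tolerate clock drift.
    for drift in (-1, 0, 1):
        expected = totp(rec["totp_secret"], now + drift * 30)
        if hmac.compare_digest(expected, code):
            return True
    return False
```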


Further Reading

  • Security Attacks: Analysis of Machine Learning Models.
  • A New Trend of DDoS Attacks: Mobile Devices Are a New Generation of Botnets.
  • The Death of Passwords.

Published at DZone with permission of Kevin Harry. See the original article here.

Opinions expressed by DZone contributors are their own.
