Cofense Logo - Email Security Solutions

Expect Credential Phishing to Continue Surging in 2019

Share Now


“Hackers don’t need to break in, they only need to log in.” This was a quote mentioned at a conference I attended last December and which I repeated in an e-book Cofense™ recently published, 6 Phishing Predictions for 2019. My prediction was that hackers will continue to go full bore with credential phishing, emails that specifically ask for username and password.  

Indeed, the Cofense Phishing Defense Report 2018 showed that credential phishing represented over 50% of the reported malicious emails we observed. This type of phishing will continue to surge in 2019—and most likely have success as organizations migrate many of their business applications to the cloud. Here’s an example of a real threat that illustrates why. 

In 15 Seconds, They Hacked into the Payroll System 

While attending a meeting with a customer recently, they shared a phishing attack they encountered. The campaign came in two waves, with the first wave having success at retrieving credentials for a handful of users. The second wave came just an hour later, but was fully blocked due to quick actions taken in wave one. The save wasn’t the most interesting part of the story, it was the threat that was discovered during their incident response investigation. Within just 15 seconds, the threat actor was able to log into the payroll system and change the direct deposit information for the user. 

When it comes to keeping your users in the loop on current threats, credential phishing should be top of mind. A great way to start is providing content in your messaging and newsletters. Reach out to your Security Operations Center (SOC) or Threat Intelligence teams to get a copy of a malicious message that is making its way into your organization, after getting past your gateway defenses. Tell them (a) this threat is real, (b) what is being seen, and (c) most of all, what can happen if a threat actor gains access to their credentials. I don’t know any individual that can afford to go without their paycheck if the threat actor is able to repurpose those credentials to log into their payroll set up and change their direct deposit information.  

Use Phishing Simulations to Condition Smart Behavior 

A couple of years ago when Ransomware was spiking, I wanted to ensure our users were able to identify and report these types of messages. I ran monthly campaigns to the full user population for 3 months, consistently using an attachment scenario aligned with the active threats.  

Today, we’re seeing credential phishing topping the charts and not letting up. The best way to prepare your organization for credential phishing is to condition with simulations, for instance, with Cofense PhishMeTM. If your organization has deployed multi-factor capabilities, reinforce the need to validate why they are getting prompted to authenticate. We know users can become numb to the multiple prompts to verify and could inadvertently allow access to their accounts.  

This is where focusing on the reporting metric is critical. We know you’re never going to get to a zero click rate. The aforementioned organization that had its payroll hacked in 15 seconds understood this factor. Because someone reported the attack, they were able to use their full phishing defenses quickly, take action, and mitigate the risk to the user and the organization. This organization, by the way, also used Cofense TriageTM to assist with identifying and analyzing the phishing threat. Thanks to automation and expert human analysis, our phishing response solution helped them to understand and stop the threat faster. 

To see all our phishing predictions for 2019, download the e-book and be better prepared. 


All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.  


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.