Account Takeover & You – Work Credentials Edition
Phishing messages plague work emails as much as they flood our personal inboxes. For every Nigerian prince you turn down, a CEO is asking for an employee’s cell phone number at 11 pm. Your work credentials are valuable to any criminal willing to pay for them.
The methods used by fraudsters are more successful and sophisticated than many of us will ever know. If you’re an IT professional, they may craft an attack in which an email from a strange contact requests the password for the CEO’s account because they’re “logging in on their new phone.” When it’s the boss asking for a favor, the fraudster assumes that you won’t feel comfortable refusing. One password shared in good faith later, and a criminal can get access to everything your leadership team does.
Phishing attempts against employees are common, well calculated, and vary widely. Emails and passwords are sold on the dark web every day. It’s inevitable that this leaked data includes work credentials, too. Fraudsters don’t have to be on-site to compromise a network. This is one of the many ways large corporate breaches happen. So what can you do?
Use Stronger & Unique Passwords
By using strong and unique passwords across your various sets of work credentials, you can save yourself a lot of frustration when a breach occurs. A password manager can help you not only create complex passwords but also store them for easy use, and perhaps even make for a more efficient workday. Learn more about how to write strong passwords here.
Don’t Open Email Links from Strangers
Honestly, this sounds like a simple suggestion, but clicking links in emails from strangers is the most common way for a fraudster to find their way into your company’s sensitive data. Most email services are good at filtering out spam and scam messages. But if one of those sneaks into your inbox, DON’T CLICK ANYTHING. Follow your organization’s directive for handling spam messages.
Now, the leak of your work credentials may not seem like a huge risk for you, but there are plenty of opportunities for criminals to leverage this against you. All the data your company’s HR department has can be compromised with the right log-in. Fraudsters could also read, send, and delete emails as you, scam other coworkers and customers, or even change your direct deposit information.
The impact on the company may be secondary, but it can also be massive. Depending on your work, the exposure could range from very detailed employee work information to confidential proprietary information or customer information. The leak of user or customer data on a company level can impact, and has impacted, employees, sales, and job stability.