Stolen email credentials are an often exploited vulnerability for government and corporate networks. In fact, Verizon announced in a recent study that 91% of phishing attacks specifically targeted email credentials.
What do Hackers Use Stolen Credentials For?
There are a multitude of valuable uses for stolen credentials, especially when they come from government agencies and their supporting organizations that often have access to large employee and customer data sets. Some of these uses include:
– Social Engineer Individuals: To build better identity theft profiles to gain access to individual or organizational data.
– Infiltrate Networks: Steal PII, proprietary or secret information which can later be exploited or sold on the black market.
– Self-Promotion: Build credibility with in the criminal underground and black market communities residing on the “dark web”
– Profit: Stolen credentials along with stolen financial and health information is generating millions of dollars in the criminal underground market place.
While some government and corporate IT managers don’t think stolen third-party credentials are a threat, the truth is that they can easily be exploited to gain access to corporate networks through social engineering. In fact, 63% of data breaches result from weak or stolen passwords.
It often takes hackers just minutes to breach government and corporate networks, but it takes organizations weeks to detect the breach. How do you monitor this threat in the interim? How can you prevent your employees’ email credentials from being phished?
Pro-active Stolen Credential (Email and Password) Monitoring:
ID Agent’s Stolen Credential Calculator can help you determine the volume of stolen data identified on the dark web that could lead to a potential compromise of your government or corporate networks.