Understanding Phishing:

Credential Harvesting - Department of Justice Scam 

Criminals can use stolen email logins for many nefarious purposes, so they go to considerable trouble to “harvest” them. One attacker impersonated the US DOJ to lure victims into entering their credentials; this report shows how this scam works.

cred harv

For a cybercriminal, working login credentials are incredibly useful: being able to log into a victim’s email account allows a crook to use that account to send large amounts of phishing emails at zero cost. Even better — worse for us — he can log into a compromised account periodically and monitor the conversations occurring there; this might result in a leak of sensitive, trade secret, or personal information.

This means that an attacker with access to your email account can reset your password on a cloud service and falsely verify it’s you by just clicking on the link in the forgot-password email. He’ll then delete that mail so you never know your password was reset! Now he can control your Dropbox, Share Point, Slack, etc. — all via that initial email credential breach. 

What's inside this guide:

  • Examples of phishing campaigns that are designed to collect logins
  • How cybercriminals use the Department of Justice to threaten victims
  • Techniques used to detect these kinds of cases
  • and more...

Download this free report.

Cybercrime Expected To Cost The World $10.5 Trillion Annually By 2025.

INKY is a cloud-based email security solution that blocks spam, malware, and — most importantly — phishing attacks. Utilizing computer vision, artificial intelligence, and machine learning INKY catches everything. Driven, curious, mobile, and growing smarter by the subject line, INKY adds a thin—but powerful— layer of protection like no other.