Phishing Attacks Won’t Work If There Are No Passwords To Phish

Ty Chaston
April 27, 2020

Get the latest from the SecureAuth Blog

Anyone who grew up near a body of water has probably tried their hand at fishing at one point in their life. Using a fishing pole, net or spear and probably with some type of bait in order to catch specific aquatic life the odds were almost always in the favor of success for catching something. Phishing on the other hand is executed by cybercriminals using similar techniques but to “catch” identity information of unsuspecting prey.

Why Do Phishing Attacks Work?

Phishing is a huge problem facing companies large and small.  CSO Online reported:

“Nearly a third of all breaches in the past year involved phishing, according to the 2019 Verizon Data Breach Investigations Report. For cyber-espionage attacks, that number jumps to 78%. The worst phishing news for 2019 is that its perpetrators are getting much, much better at it thanks to well-produced, off-the-shelf tools and templates.”

And a ZD Net article titled: What is phishing? Everything you need to know to protect yourself from scam emails and more reported:

“Phishing is one of the easiest forms of cyber attack for a criminal to carry out, but one which can provide these crooks with everything they need to infiltrate every aspect of their targets’ personal and working lives.

Usually carried out over email – although the scam has now spread to social media, messaging services and apps – a basic phishing attack attempts to trick the target into doing what the scammer wants. That might be handing over passwords to make it easier to hack a company or altering bank details so that payments go to fraudsters instead of the correct account. 

The aim and the precise mechanics of the scams vary: victims might be tricked into a clicking a link through to a fake webpage with the aim of persuading them user to enter personal information – it’s estimated that an average of 1.4 million of these websites are created every month.”

When phishing attacks are successful, they use the information they’ve gathered to make illegal purchases or otherwise commit fraud. So, if there is no login information to steal in the first place, you effectively neutralize a core element of phishing value. To do that, you need to believe and execute on an identity access management strategy that is complete passwordless.

A World Without Passwords

We have written previously about the tens of millions passwords stolen and about why you should eliminate your password addiction even if it isn’t password reset day or you havn’t faced a phishing challenge. We have also previously written about how “The Password Is Dead: The End of Password Logins, and What Will Replace Them.” So, now is the time to look at your identity access management strategy and consider a passwordless continuous authentication solution.

Passwordless Continuous Authentication Stops Phishing

Start by checking out our previous blog titled: “That Sounds Phishy: 5 Top Tips You Need to Know About Phishing Protection” and then why “The Best Password in 2020 Is No Password.” After that refresher, you will be ready to see what a passwordless continuous authentication solution can do to help with your potential phishing vulnerabilities.

Acceptto continuously creates and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Behavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

With Acceptto’s Passwordless Continuous Authentication you can ensure:

  • Actionable threat analytics: Real-time, continuous identity monitoring & validation post-authentication.
  • Dynamic authentication: Adjustable, risk-based policy orchestration and continuous enforcement.
  • Credential stuffing neutralized: Eliminate account takeover (ATO) instantly with intelligent contextual MFA.
  • Neutralize Phishing Impact: Eliminate the need for user name and passwords will eliminate a core requirement of phishing scams

Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.



Related Stories

Pin It on Pinterest

Share This