Agari researchers entered unique credentials belonging to fake personas into phishing sites posing as widely used enterprise applications, and waited to see what the phishers would do next with the compromised accounts.
They found that 23% of all accounts were accessed almost immediately (likely in an automated manner, to confirm that the credentials work), 50% of the accounts were accessed manually withing 12 hours after compromise, and that 91% of the compromised accounts were accessed manually within the first week.
How are the compromised accounts used?
The phishing pages into which the researchers seeded the uniqe credentials impersonated Microsoft OneDrive, Office 365, SharePoint, Adobe Document Cloud, or just (generically) Microsoft.
After six months, they detected activity in ..
Support the originator by clicking the read the rest link below.
