How Are Employee Logins Compromised?

by | Cybersecurity, Dark Web

Passwords are a twentieth-century solution to a modern-day problem. Unfortunately, user names and passwords are still the most common method for logging into services including corporate networks, social media sites, e-commerce sites, and others. Even worse, 39% of adults in the U.S are using the same or very similar passwords for multiple online services. As a result, compromising usernames and passwords represent the keys to the kingdom for malicious attackers and cybercriminals. So how are employee logins compromised?


  • Send emails disguised as legitimate messages
  • Trick users into disclosing credentials
  • Deliver malware that captures credentials

Watering Holes

  • Target a popular site: social media, corporate intranet
  • Inject malware into the code of the legitimate website
  • Deliver malware to visitors that captures credentials


  • Inject malware into legitimate online advertising networks
  • Deliver malware to visitors that captures credentials

Web Attacks

  • Scan internet-facing company assets for vulnerabilities
  • Exploit discovered vulnerabilities to establish a foothold
  • Move laterally through the network to discover credentials

A criminal dealing in stolen credentials can make tens of thousands of dollars selling them to multiple buyers. With multiple buyers, organizations can easily be under digital assault from dozens or even hundreds of attackers in multiple ways including:

  • Sending spam from compromised email accounts
  • Deface web properties and host malicious content
  • Install malware on compromised systems
  • Compromise other accounts using the same credentials
  • Exfiltrate sensitive data (data breach)
  • Identity Theft

While there is always a risk that attackers will compromise a company’s system through advanced attacks, most data breaches exploit common problems such as known vulnerabilities, unpatched systems, and unaware employees. Only by implementing a suite of tools – dark web monitoring, data leak prevention, multifactor authentication, employee security awareness training, and others – can organizations protect their business from the perils of the dark web.

Samantha Yip from ID Agent joined Pearl President & COO, Floyd Bell, for a chat about how critical your employees are as the first line of defense against cyber attacks and how you can educate and empower them to protect your business. Watch the 35-minute webinar

How Utilities Stay Wired for Success

How Utilities Stay Wired for Success

The utility industry is evolving at a rapid pace, with new technologies and tools emerging that promise to help companies deliver more reliable service while keeping costs in check. One technology that is rapidly becoming critical is vehicle connectivity, which allows...

read more
Common Data Backup Mistakes to Avoid

Common Data Backup Mistakes to Avoid

Data backup is an essential part of any small business's IT strategy, ensuring that critical data is protected against loss, theft, or damage. However, despite its importance, many small businesses make common mistakes that could jeopardize their data backup strategy....

read more
Luck Won’t Protect Your Business

Luck Won’t Protect Your Business

You're NOT too small to be bothered by cyber criminals. Some are using you for practice before bigger targets and others are driven by quantity. The statistics back this up: 70% of businesses were victims of ransomware in 2022 (half of them were small businesses) and...

read more

Schedule a FREE Network Assessment

Let us showcase our experience, knowledge, and personal approach.  We will uncover some essential ways to keep your business and your people up and running.

  • This field is for validation purposes and should be left unchanged.