Credential Phishing: What It Is And How To Prevent It
Salesforce, June 25,2025
Credential phishing is a specific kind of phishing cyberattack that is aimed at getting users to share their credentials (typically usernames and passwords) so that the attacker can steal and use them to gain unauthorized access to email accounts, business systems, and other secure resources.
This type of credential theft is a subset of phishing in general, which more broadly attempts to steal a variety of types of sensitive information-including credit card or bank account details, Social Security numbers, and valuable organizational information, such as customer data or intellectual property.
Credential phishing is a growing problem, to state it mildly: one study reported a 703% increase in credential phishing in the second half of 2024, as compared to only a 202% increase in overall email-based phishing threats. (You know there's a big problem when a 202% increase can be considered relatively low.)