“Although phishing falls squarely in the bottom third of all attack types tracked by the [FBI] Internet Crime Complaint Center (IC3) in terms of total losses, it’s frequently just the first step in a variety of crimes and is often used more as a way to gain a foothold rather than the end goal,” the report explained. When successful, a credential phishing attack can grant threat actors access to usernames and passwords that can be leveraged to compromise other accounts and launch additional, more damaging attacks.

Source: Infosecurity Magazine – Information Security & IT Security