Credential harvesting, also known as password harvesting, is a form of cyberattack that involves the theft of personal or financial data such as usernames and passwords. It is typically, but not always, carried out through phishing, malicious websites, email scams, or malware. Any social engineering technique, digital scam, or malware may be used to steal login credentials. By obtaining credentials to a user’s online accounts, the attacker can gain access to sensitive information and sometimes use the stolen credentials for fraudulent activities, like transferring money out of the user’s account. In some cases, credential harvesting is used to gain access to a company or organization’s network, enabling the attacker to steal data and spread malware.
Most credential harvesting attacks involve convincing the user to enter their login credentials into a malicious website or form. This is often done through phishing emails that direct recipients to a bogus version of a reputable site, like an online banking service or e-commerce store. When the user enters their username and password, the attacker can then use this information to access the user’s account and view or steal sensitive data.
In some cases, attackers may also use automated software tools to scan websites for vulnerabilities or scan networks for open ports (the latter of which can be used to gain access to a company’s internal network). Once attackers have gained access to a system, they can then install malware, or malicious software, that can be used to control the system or steal data.
Credential harvesting attacks can be difficult to detect, as cybercriminals use a variety of methods to acquire user credentials. These attacks even lure victims by mimicking real login pages (see example image below).
Organizations and individual users should look out for warning signs of credential harvesting such as phishing attempts or suspicious activity on their accounts. Additionally, any sudden increase in the number of access requests from unknown sources should be viewed with caution. If a credential harvesting attack is suspected, organizations should immediately investigate and take steps to mitigate the threat.
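The "sudden increase in access requests from unknown sources" warning sign can be checked mechanically. The sketch below is an added example, not IRONSCALES code; the log format, the sample entries, and the `factor` and `floor` thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample access logs: "timestamp account source_ip" (not real data).
BASELINE = """\
2024-05-01T09:02:00 alice 198.51.100.10
2024-05-01T09:15:00 bob 198.51.100.22
2024-05-02T08:55:00 alice 198.51.100.10
2024-05-02T13:40:00 bob 198.51.100.22
"""
RECENT = """\
2024-05-03T09:01:00 alice 198.51.100.10
2024-05-03T09:20:00 bob 203.0.113.5
2024-05-03T10:05:00 bob 198.51.100.22
2024-05-03T11:02:00 alice 203.0.113.77
2024-05-03T11:04:00 alice 203.0.113.78
2024-05-03T11:07:00 bob 203.0.113.77
2024-05-03T11:09:00 alice 203.0.113.79
2024-05-03T11:30:00 bob 203.0.113.80
"""

def parse(log):
    for line in log.splitlines():
        ts, account, ip = line.split()
        yield datetime.fromisoformat(ts), account, ip

def known_sources(baseline_log):
    """Map each account to the source IPs it used during the baseline period."""
    known = defaultdict(set)
    for _, account, ip in parse(baseline_log):
        known[account].add(ip)
    return known

def unknown_source_spikes(baseline_log, recent_log, factor=3, floor=3):
    """Return hours whose count of requests from never-seen sources is at least
    `floor` and at least `factor` times the median across the recent hours."""
    known = known_sources(baseline_log)
    per_hour = Counter()
    for ts, account, ip in parse(recent_log):
        hour = ts.replace(minute=0, second=0)
        per_hour[hour] += ip not in known[account]  # bool adds 0 or 1
    if not per_hour:
        return {}
    typical = median(per_hour.values())
    return {h.isoformat(): n for h, n in per_hour.items()
            if n >= floor and n >= factor * typical}

if __name__ == "__main__":
    print(unknown_source_spikes(BASELINE, RECENT))
```

A flagged hour is a prompt for investigation, not proof of compromise: travel, VPN changes, or new devices also produce logins from sources an account has not used before.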
See below to learn all about IRONSCALES™ award-winning credential harvesting protection tools.
IRONSCALES™ provides mailbox-level fraud and anomaly detection that conventional Secure Email Gateways (SEG) miss. Our credential harvesting solution:
A researcher at IRONSCALES recently discovered thousands of business email credentials stored on multiple web servers used by attackers to host spoofed Microsoft Office 365 login pages.