Credential Harvesting

What is credential harvesting?

Credential harvesting is a cyberattack in which a scammer seeks to obtain a user's personal or business account credentials. Cybercriminals can steal credentials in huge numbers and sell them for financial gain, or use them to damage the user's reputation by sending illicit emails from the compromised account.

How does credential harvesting work?

Typically, cybercriminals send phishing emails that install malicious software or browser extensions on the user's computer without their knowledge. This malware runs in the background and collects the user's sensitive information, such as login credentials and other personal data, including credit and debit card details.

Even a single stolen login credential is valuable, because users commonly reuse their passwords across various online platforms. With one password, the hacker can initiate further attacks on the user's other accounts without their knowledge.

Common credential harvesting techniques

It is called credential harvesting because a threat actor harvests login credentials in huge volumes. Some of the methods used to execute a credential phishing attack are given below:

  • Man-in-the-middle attack (MITM): A cyberattack in which cybercriminals intercept an email communication between two authentic endpoints. Neither the sender nor the recipient realizes that their data has been stolen.
  • Email phishing: Cybercriminals send phishing emails with links that redirect to look-alike copies of familiar websites and ask users to authenticate with their credentials. The user account is compromised, paving the way for further online scams.
  • Domain spoofing: In this type of attack, the scammers spoof the sender's email address or the email domain name so that the email appears to have originated from a trustworthy source. Domain spoofing aims to trick recipients into opening the spoofed email, clicking the links in it, sharing login credentials, and so on.
  • Keylogging: A technique in which scammers install malware on a user's system that records the user's keystrokes, including typed passwords.

How to identify credential phishing attacks?

In this digital era, cybercriminals earn large sums by selling user login credentials. Users must be educated about the importance of their login credentials and the necessity of keeping them safe. It can be difficult to detect a credential phishing attack, since scammers use many different techniques to steal credentials. However, below are a few tips for identifying credential phishing attacks:

  • Increase in phishing emails - Multiple users receiving an email requesting login credentials can be a sign of a credential phishing attack.
  • Unfamiliar IP addresses - Track user logins from new and unfamiliar IP addresses or locations.
  • Monitor network traffic - Keep an eye on your organization's network traffic and logs for suspicious activity.
  • Suspicious login activities - Monitor suspicious login attempts on user accounts and take appropriate preventive measures. Ask the affected user to change their password and enable Multi-Factor Authentication (MFA) for their accounts.
  • Unusual account lockouts - Multiple user accounts getting locked out or receiving password reset emails is an indication of a credential phishing attempt.
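As an added example (not part of the original glossary), the following Python checks constructed authentication log lines for two of the signals listed above: a user logging in from an IP address never seen before for that user, and several accounts locked out within a short window. The log format, the sample entries and the thresholds are assumptions.

```python
# Added example: scan constructed auth log lines for two credential-phishing
# signals, logins from IPs new to that user and bursts of account lockouts.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO time> <user> <event> <source IP>"
SAMPLE_LOG = """\
2024-03-01T08:00:00 alice LOGIN_OK 10.0.0.5
2024-03-01T08:05:00 bob LOGIN_OK 10.0.0.7
2024-03-01T09:10:00 alice LOGIN_OK 10.0.0.5
2024-03-01T22:41:00 alice LOGIN_OK 203.0.113.9
2024-03-01T22:42:00 bob LOCKOUT 203.0.113.9
2024-03-01T22:42:30 carol LOCKOUT 203.0.113.9
2024-03-01T22:43:10 dave LOCKOUT 203.0.113.9
"""

def parse(log_text):
    """Turn the assumed log format into (timestamp, user, event, ip) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, event, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, event, ip))
    return events

def new_ip_logins(events):
    """Return (user, ip) for successful logins from an IP that user has not
    logged in from earlier in the log (the first sighting is the baseline)."""
    seen = defaultdict(set)
    alerts = []
    for _ts, user, event, ip in events:
        if event != "LOGIN_OK":
            continue
        if seen[user] and ip not in seen[user]:
            alerts.append((user, ip))
        seen[user].add(ip)
    return alerts

def lockout_bursts(events, window=timedelta(minutes=10), min_accounts=3):
    """Return sets of distinct accounts locked out within `window` when at
    least `min_accounts` are hit: the 'unusual account lockouts' signal."""
    lockouts = [(ts, user) for ts, user, ev, _ip in events if ev == "LOCKOUT"]
    bursts = []
    for i, (start, _user) in enumerate(lockouts):
        users = {u for ts, u in lockouts[i:] if ts - start <= window}
        if len(users) >= min_accounts and users not in bursts:
            bursts.append(users)
    return bursts

if __name__ == "__main__":
    print(new_ip_logins(parse(SAMPLE_LOG)), lockout_bursts(parse(SAMPLE_LOG)))
```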

Consequences of credential phishing attack

Credential phishing is one of the most prevalent online scams and can affect both individual and organizational users. Its impact can be devastating.

Consider an attacker who has obtained a senior leader's login credentials in your organization. They can send authentic-looking emails requesting a financial transaction, download confidential data from your cloud storage, gain access to employee and customer data, and so on.

If the above data falls into the wrong hands, the consequences can be unimaginable, causing irrecoverable reputational damage and legal penalties.

How to prevent credential harvesting?

Irrespective of the nature of your email account (personal or business), you must be aware of the implications of becoming a victim of a credential harvesting attack. Though credential phishing cannot be eradicated entirely, it can be prevented by adhering to the best practices below.

  • Tighten up your organization's security protocols by deploying a robust email security solution.
  • Mandate Multi-Factor Authentication (MFA) for all users in your organization.
  • Conduct frequent user awareness training sessions to educate users about credential harvesting and other social engineering attacks.
  • Ensure your email service provider follows the latest data encryption protocols.
  • Run periodic security audits and monitor the network logs.
  • Conduct user education training sessions to raise awareness of the seriousness of credential harvesting attacks.
  • Do not share passwords via any communication channel. Encourage users to share sensitive information only through password vaults.
  • Set strong passwords and reset them at the frequency required by your organization's policy.
  • Do not use the same password for all accounts.
  • Set up stringent incident response and standard operating procedures to guide the security operations team in detecting, containing and mitigating credential phishing.

It is worth noting that email is not the only medium for credential harvesting attacks. Cybercriminals use various communication channels to steal sensitive user data. Hence, it takes the combined effort of the user and the organization to defend against the latest trends in cyberattacks.