Question 1

What is credential harvesting?

Accepted Answer

Credential harvesting is the use of compromised user credentials to gain access to sensitive data.

Question 2

What does a credential harvesting attack look like?

Accepted Answer

Credential harvesting attacks can take many forms, depending on what credentials were compromised and how the hacker intend to monetize stolen data. A common form of attack uses “credential stuffing” to try thousands of username/password combinations in quick succession. Other attacks rely on credentials “skimmed” from compromised websites. Among the most common credential harvesting attack forms is a phishing email that entices the victim to click a hyperlink leading to a bogus login page for a popular service the victim is known to use or may use (e.g., Dropbox or Office 365). A popular vector for target attacks is payroll self-service sites.

Question 3

Is credential harvesting phishing, or something different?

Accepted Answer

Credential harvesting is often seen as equivalent to phishing. In fact, credential harvesting can use a wide range of tactics besides phishing, such as social engineering techniques, malware, weaponized documents/attachments, and digital skimming via compromised third-party code in otherwise legitimate sites. Attacks that “sniff” or siphon network packets can also be used to steal credentials.

Question 4

How can I prevent a credential harvesting attack?

Accepted Answer

Steps to reduce your risk from credential harvesting attack include anti-phishing training, using multi-factor authentication (MFA) wherever possible, applying application security best practices to detect malware injections and block skimming attacks via third-party web scripts and plug-ins, and using machine learning to enforce risk-based access control based on analysis of user behavior.