Credential Harvesting

For many years, malware has been the go-to tool for cyber attackers – and as a result, cybersecurity protocols and training have been engineered to minimize its impact. More recently, a threat that is changing the landscape of cyber and information security has emerged: credential harvesting. To protect personal and company information and resources, you must familiarize yourself with this data breach method and with ways to manage the related risks.

What is credential harvesting?

Credential harvesting, also known as password harvesting, is the process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches. The possible motivations for such a breach are many: the attackers could sell sensitive personal and financial data on the dark web; gain access to a company network for corporate espionage and steal intellectual property or other assets; or use the data to embezzle money.

How credential harvesting occurs

A commonly cited source of credential harvesting is phishing email. These emails carry an attachment or a hyperlink that, when opened or clicked, installs data-stealing software on your device. While phishing emails are the most common avenue, password harvesting can also be performed through malware, cloned website links, the use of insecure third-party vendors, and ransomware. In many cases, the breached user has no idea that the attack has occurred and continues to believe they are shielded by their cybersecurity measures.

This is especially true when cloned websites are the source of the credential harvesting, as they closely mimic the look and features of the real webpages they imitate. When a user logs into any account on a cloned website, their login information is sent directly to the attacker. The number of users who enter credentials on phony websites can be significant, and the resulting stockpile of valuable data can have disastrous consequences.

Taking an active stance against credential harvesting scams

There are proactive steps anyone can take to reduce the chances of falling prey to credential harvesting. Cloned websites can be detected by spotting an unusual URL that is unrelated to the actual website. For example, instead of the normal Google address, a cloned Google webpage will have a URL that is not Google related. Another common indicator of a cloned page is a web browser window that pops up without the user opening it. For example, if the Google Chrome application randomly opens while you are analyzing sensitive data vital to your company, your system may be infected. In such a situation, do not log into any account on the opened tab; instead, force quit the application and immediately notify your IT department of what happened.

When it comes to phishing emails, you must be vigilant when receiving email and be sure not to click on any unknown or unusual links. Doing so could lead to infected programs appearing that you did not intentionally download.
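The "unusual URL" check described above, for both cloned websites and links in email, can be made mechanical rather than left to eyeballing. The following is an added example, not code from the original article or from MGO: it parses a URL the way a browser does and reports whether the host the browser would actually connect to belongs to an expected domain. The trusted-host list and the sample URLs are constructed for illustration; the tricks it catches are the common ones (a trusted name used as a subdomain of another domain, a trusted name placed before an `@` so it is treated as a username, look-alike spellings, and plain `http`).

```python
"""Check whether a login URL really belongs to the site it appears to be.

Added example (not from the original article). The trusted-host list and
the sample URLs below are constructed for illustration only.
"""
from typing import FrozenSet, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the real hosts a user expects to sign in to.
TRUSTED_HOSTS: FrozenSet[str] = frozenset({"google.com", "accounts.google.com"})


def is_trusted_host(host: str, trusted: FrozenSet[str] = TRUSTED_HOSTS) -> bool:
    """True only if `host` equals a trusted host or is a subdomain of one.

    The leading dot matters: "evil-google.com" ends with "google.com" but
    not with ".google.com", so it is correctly rejected.
    """
    return any(host == t or host.endswith("." + t) for t in trusted)


def check_login_url(url: str, trusted: FrozenSet[str] = TRUSTED_HOSTS) -> Tuple[bool, str]:
    """Return (ok, reason) for a URL the user is about to enter credentials on."""
    try:
        parts = urlsplit(url)
        # .hostname is lowercased and excludes scheme, userinfo, port and path,
        # so it is the name the browser will actually resolve.
        host: Optional[str] = parts.hostname
        userinfo: Optional[str] = parts.username
    except ValueError:
        return False, "URL could not be parsed"
    if not host:
        return False, "no host in URL"
    if parts.scheme != "https":
        return False, "not https (scheme is %r)" % (parts.scheme or "none")
    if userinfo is not None:
        # e.g. https://google.com@evil.example/ : the text before '@' is a
        # username, and the real host is what follows it.
        return False, "userinfo %r hides real host %r" % (userinfo, host)
    if not is_trusted_host(host, trusted):
        return False, "host %r is not a trusted domain" % host
    return True, "host %r is trusted" % host


# Constructed sample links, as they might appear in a phishing email or on a
# cloned page. Only the first two should pass.
SAMPLE_URLS = [
    "https://accounts.google.com/signin",
    "https://GOOGLE.COM/",
    "https://google.com.evil.example/login",
    "https://google.com@evil.example/",
    "http://accounts.google.com/",
    "https://g00gle.com/",
    "https://evil-google.com/",
    "not a url",
]


def triage(urls=SAMPLE_URLS):
    """Return a list of (url, ok, reason) for a batch of links."""
    return [(u,) + check_login_url(u) for u in urls]


if __name__ == "__main__":
    for url, ok, reason in triage():
        print("%s  %-40s %s" % ("OK " if ok else "BAD", url, reason))
```

The check is deliberately strict: it prefers a false alarm on an unfamiliar but legitimate host over passing a look-alike, which is the right trade-off for a page where credentials are about to be typed.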

There are a number of other ways credential harvesting can occur. To protect your vital information from an instantaneous and anonymous breach, you should regularly back up your devices to the cloud and promptly install all security patches and upgrades.

Protecting your organization against credential harvesting

Credential harvesting is a real and rising threat, and anyone can be the next victim. Users must continually update their security software, back up their data, and be mindful of the links they follow and the sites they visit. Following these simple steps will help protect you, and your business, from becoming the next victim of credential harvesting.

If you have any questions or fear your organization is at risk for credential harvesting, please reach out to the MGO Technology Group for a consultation.
