Cyber 101 – Credential Harvesting


With a new cyberattack reported every day, everyone is asking one question: how can I make sure I'm not next? Cyber 101 is a series of blogs focusing on the ultimate basics of cybersecurity. By applying these simple remediations, your networks and accounts will be on their way to defending against cyber actors.

What is Credential Harvesting?

Credential harvesting is a cyber-attack designed to collect the login credentials of unsuspecting web users. By asking or prompting a user to hand over their login details, a credential harvester obtains guaranteed access to a valid account. While there are many ways to perform a credential harvest, attackers tend to focus on accounts that can be used to reach sensitive information, such as banking details or corporate systems.

Spotting Credential Harvesting

Hackers use two main techniques to perform credential harvesting: social engineering and login masquerades.

Social engineering is used in credential harvests where the hacker impersonates a person of trust and asks users for their login information. Examples include calls or emails from people claiming to be support technicians who ask for your password as part of IT administration or troubleshooting. You should never give your password to anyone, and real IT professionals will never ask for it. By controlling who has access to your login information, you can prevent social engineering attempts at credential harvesting.

Hackers may also achieve credential harvesting by creating fake login screens. This technique is known as a masquerade, where a malicious actor replaces a trusted login portal with a site designed to steal credentials. Detecting a login masquerade can be difficult, as hackers will go to great lengths to make the fake site look as close to the original as possible. You should never follow a link in a text message or email that asks you to reset your password, as this is a favorite technique of bad actors for directing you to a fake login page. Any time you enter your login information, you should ensure that you are on the correct domain. Always check the URL of the site you are on before entering your login information, and make sure that your browser displays a lock to the left of the URL. A lock icon in the address bar indicates that the site is secured with some form of encryption, a requirement for banking websites that is often absent in masquerades. The lock confirms that the connection is encrypted, not who owns the domain, so it complements rather than replaces checking the domain itself.
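As an added illustration (not code from the original post), the following Python checker applies the two checks above to a URL before any credentials are typed in: is the host really the trusted domain, and is the connection HTTPS? The trusted domain names it uses are constructed placeholders, and the lookalike patterns it flags (trusted name buried in a longer host, text before an "@", internationalized labels) are the common ways a masquerade URL differs from the real one.

```python
from urllib.parse import urlsplit

# Constructed placeholders for the domains a user legitimately logs in to
# (an assumption for this example, not from the original post).
TRUSTED_LOGIN_DOMAINS = ("bank.example", "mail.example")


def host_matches(host: str, trusted: str) -> bool:
    """True only if host is the trusted domain or a real subdomain of it.

    Comparing on a dot boundary rejects look-alikes such as
    'bank.example.evil.test' (trusted name used as a prefix) and
    'notbank.example' (trusted name glued onto another label).
    """
    host = host.lower().rstrip(".")
    trusted = trusted.lower()
    return host == trusted or host.endswith("." + trusted)


def check_login_url(url: str, trusted_domains=TRUSTED_LOGIN_DOMAINS) -> dict:
    """Return the parsed host, a list of findings, and whether it is ok to log in."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    matched = next((t for t in trusted_domains if host_matches(host, t)), None)
    if matched is None:
        findings.append(f"host {host!r} is not one of the trusted login domains")
        # A trusted brand name appearing inside an unrelated host is the
        # classic masquerade pattern, e.g. 'bank-secure-login.test'.
        for t in trusted_domains:
            if t.split(".")[0] in host:
                findings.append(f"host borrows the name {t!r} but is a different domain")
                break

    # No HTTPS means no lock icon and credentials sent in the clear.
    if parts.scheme != "https":
        findings.append("connection is not HTTPS, so the browser shows no lock icon")

    # Anything before '@' is user info, not the host; the real host follows it.
    if "@" in parts.netloc:
        findings.append("URL has text before '@'; the real host is what follows it")

    # Punycode labels (xn--) can render as letters that mimic a familiar name.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("host uses internationalized labels that can mimic familiar letters")

    return {"host": host, "findings": findings, "ok": not findings}


if __name__ == "__main__":
    # Constructed sample URLs: one genuine login page and several masquerades.
    for sample in (
        "https://login.bank.example/",
        "https://bank.example.evil.test/login",
        "http://bank.example/login",
        "https://bank.example@evil.test/login",
    ):
        result = check_login_url(sample)
        print(sample, "->", "OK" if result["ok"] else "; ".join(result["findings"]))
```

The point of the dot-boundary comparison in host_matches is that a URL can contain the exact text of a trusted domain and still belong to someone else; only the rightmost labels decide who owns the host, which is the same check a careful reader performs by eye.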

Defending Against Credential Harvesters

Identifying credential harvesters is the first step in protecting yourself against them. By using the steps we outlined in the last section, you should be able to successfully spot an attempt to steal your credentials. It is also essential to report attempts to steal your information. If you receive a note from someone claiming to represent your IT team, forward the email to your real security team so that security professionals are aware of the scam. If you receive a link to a credential harvester in your personal email, you should mark it as spam, helping your email provider block similar malicious messages in the future.

