Skip to main content


Home Credential harvesting

Credential harvesting

(also credential phishing or password harvesting)

Credential harvesting definition

Credential harvesting, also known as credential phishing or password harvesting, is a technique cybercriminals employ to obtain usernames, passwords, and other sensitive data from unsuspecting victims. This information is typically acquired through deceptive websites or forms, often designed to mimic legitimate services, where users unknowingly input their credentials.

See also: SSL encryption, two-factor authentication

Credential harvesting examples

  • Phishing emails: An email that appears to be from a trusted entity, such as a bank or a reputable online service, could contain a link leading to a deceptive login page, which tricks users into divulging their credentials.
  • Malicious mobile applications: Cybercriminals can create fake versions of popular apps. When users log in, their credentials are stolen.

Comparing credential harvesting to similar terms

Credential harvesting should not be confused with identity theft, although they are related. Identity theft involves using stolen personal information for malicious purposes, often financial gain. On the other hand, credential harvesting is merely a method used to acquire this sensitive information.

Advantages and disadvantages of credential harvesting

While there are no legitimate pros to credential harvesting because it is an unethical and illegal activity, understanding its cons from a victim's perspective is vital.

Cons:

  • Privacy breach: Stolen credentials can lead to significant privacy breaches.
  • Financial loss: If banking or credit card details are harvested, victims may experience a financial loss.
  • Identity theft: Stolen credentials can be used for identity theft, further compounding the damage.

How to protect against credential harvesting

  • Be wary of unsolicited communications asking for your credentials.
  • Use multi-factor authentication (MFA) wherever possible.
  • Regularly update and diversify your passwords.