Credential Harvesting
Guarding Against Credential Harvesting Attacks
Credential harvesting refers to scams where attackers gather login credentials such as usernames and passwords. These scams often occur through phishing emails, fake login pages, or malicious software designed to capture sensitive information when unsuspecting victims attempt to log in.
Things to Be Careful About:
- Fake Login Pages: Be cautious of login pages that look legitimate but have incorrect URLs or lack secure connections (HTTPS).
- Third-Party Apps or Extensions: Avoid granting excessive permissions to apps or browser extensions that could capture your credentials.
- Phishing Emails: Look out for emails that urge immediate action, often containing links to fake login pages.
- Keyloggers and Malware: Scammers may use malicious software to record your keystrokes and capture passwords.
- Reuse of Passwords: Credential harvesters exploit passwords reused across multiple platforms, since one stolen password then opens several accounts.
Actions That Can Be Taken:
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts, ensuring that even if credentials are stolen, access cannot be easily gained.
- Inspect URLs: Before entering credentials, verify the URL of the website to ensure it is legitimate and uses HTTPS.
- Use Password Managers: Generate and store unique, strong passwords for each account using a trusted password manager.
- Regularly Update Software: Ensure your operating system, browser, and antivirus software are up-to-date to protect against malware.
- Report Suspected Sites: Notify service providers and cybersecurity organizations about phishing pages or suspicious login prompts.
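The "Inspect URLs" step can be automated. The following is an added example, not part of the original page: it parses a URL the way a browser does and flags the fake-login-page signs listed above. The function name `inspectLoginUrl`, the `TRUSTED_HOSTS` list and all sample hosts are constructed for illustration.

```javascript
// Hosts the user really has accounts with (constructed placeholder values).
const TRUSTED_HOSTS = new Set(["login.bank.example", "accounts.mail.example"]);

// Returns { ok, reasons } for a URL someone is about to type credentials into.
function inspectLoginUrl(raw) {
  const reasons = [];
  let url;
  try {
    url = new URL(raw); // same WHATWG parsing rules a browser applies
  } catch {
    return { ok: false, reasons: ["not a parseable absolute URL"] };
  }
  const host = url.hostname; // lower-cased and IDN-encoded by the parser

  if (url.protocol !== "https:") reasons.push("not HTTPS");

  // "https://login.bank.example@evil.test/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) reasons.push("userinfo before host");

  // Non-ASCII lookalike letters appear as "xn--" labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label in host");
  }

  // Exact match only: "login.bank.example.evil.test" contains the trusted
  // name but is a different host.
  if (!TRUSTED_HOSTS.has(host)) {
    reasons.push(`host "${host}" is not on the trusted list`);
  }

  return { ok: reasons.length === 0, reasons };
}

// Constructed sample URLs, not taken from any real campaign.
const samples = [
  "https://login.bank.example/signin",
  "http://login.bank.example/signin",
  "https://login.bank.example@evil.test/signin",
  "https://login.bank.example.evil.test/signin",
  "https://xn--mnchen-3ya.example/signin",
];
for (const s of samples) console.log(s, inspectLoginUrl(s));
```

A URL that passes only shows the address matches a host you already trust; HTTPS on its own says nothing about who runs the site.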
Credential harvesting is a sophisticated threat designed to exploit trust and familiarity. By recognizing the signs and implementing strong security measures, you can protect yourself and your accounts from unauthorised access.