
Credential Harvesting

Guarding Against Credential Harvesting Attacks

Credential harvesting is when attackers trick you into typing your username and password into a page that isn't really the one you think it is. The login screen looks like Gmail, your bank, Microsoft 365, or a site you use every day, but the details go straight to the scammer, who then signs in as you.

The bait is usually a phishing email or text with a link, often warning that your account will be locked, a payment has failed, or a document is waiting for you. The fake page sits on a URL that's slightly off from the real one. If you reuse the same password elsewhere, one stolen login can quickly become several.


Things to Be Careful About:

  • Fake Login Pages: Be cautious of login pages that look legitimate but sit on an incorrect URL or lack a secure connection (HTTPS). Note that a padlock alone only shows the connection is encrypted, not that the site is genuine; the domain name is what matters.
  • Third-Party Apps or Extensions: Avoid granting excessive permissions to apps or browser extensions that could capture your credentials.
  • Phishing Emails: Look out for emails that urge immediate action, often containing links to fake login pages.
  • Keyloggers and Malware: Scammers may use malicious software to record your keystrokes and capture passwords.
  • Reuse of Passwords: Credential harvesters exploit reused passwords across multiple platforms.

Actions That Can Be Taken:

  1. Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts, ensuring that even if credentials are stolen, access cannot be easily gained.
  2. Inspect URLs: Before entering credentials, verify that the website's domain is exactly the one you expect (not a look-alike spelling or an extra word tacked on) and that it uses HTTPS.
  3. Use Password Managers: Generate and store unique, strong passwords for each account using a trusted password manager.
  4. Regularly Update Software: Ensure your operating system, browser, and antivirus software are up-to-date to protect against malware.
  5. Report Suspected Sites: Notify service providers and cybersecurity organizations about phishing pages or suspicious login prompts.
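The URL check in step 2, as an added example that is not part of the original page: a small Python helper that applies the page's own warning signs (wrong domain, missing HTTPS, look-alike spelling, brand name on an unrelated host) to a link before any password is typed. The allowlist of trusted hosts and the brand words are constructed assumptions for the example, not a real service's list.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the exact hosts this user signs in to, and the brand
# words an impostor page would borrow. Both are assumptions for the example.
TRUSTED_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "www.paypal.com"}
BRAND_WORDS = ("google", "microsoft", "paypal")


def registrable(host):
    """Last two labels of a hostname, e.g. 'accounts.google.com' -> 'google.com'."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character look-alikes (paypa1 vs paypal)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_login_url(url):
    """Return (verdict, reasons); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "suspicious", ["no hostname in link"]
    # Exact trusted host, or a subdomain of one: the real site, nothing more to check.
    if host in TRUSTED_HOSTS or any(host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted", []
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username:  # https://accounts.google.com@evil.example/ style trick
        reasons.append("user@ prefix hides the real host: " + parts.username)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (look-alike letters) in hostname")
    elif not host.isascii():
        reasons.append("non-ASCII characters in hostname")
    for word in BRAND_WORDS:
        if word in host:
            reasons.append("brand word '%s' in an untrusted host" % word)
    for trusted in TRUSTED_HOSTS:
        if trusted in (parts.path + parts.query).lower():
            reasons.append("trusted name '%s' appears after the host" % trusted)
        d = edit_distance(registrable(host), registrable(trusted))
        if 0 < d <= 2:
            reasons.append("'%s' is %d edit(s) from '%s'" % (registrable(host), d, registrable(trusted)))
    return ("suspicious" if reasons else "unknown"), reasons
```

An "unknown" verdict means none of the page's warning signs fired, not that the site is safe; only an exact match against the hosts you actually use counts as trusted.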

Credential harvesting is a sophisticated threat designed to exploit trust and familiarity. By recognizing the signs and implementing strong security measures, you can protect yourself and your accounts from unauthorised access.
