What Is Credential Harvesting and How Do Threat Actors Pull It Off?

Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be very successful, as over 79% of business accounts were compromised by threat actors using credential harvesting tactics, such as credential phishing.

In this blog post, we’ll answer “what is credential harvesting?” as well as explain how it works, its repercussions, why it’s becoming more prevalent, and common techniques threat actors use to get away with it.


What Is Credential Harvesting?

Credential harvesting is a cyber attack method that involves a threat actor compromising login credentials, such as usernames and passwords, of personal and financial data. Typically, this cyber attack strategy uses various phishing tactics to target organizations and their employees.

The Repercussions of Credential Harvesting

Given the fact that credential harvesting involves stealing login credentials, it can lead to catastrophic consequences.

For example, if a threat actor gains access to your organization’s login information, they may be able to access sensitive data, hold it for ransom, leak it, or destroy it altogether.

Additionally, credential theft can result in company-wide data breaches that can take your operations down and cause both irreparable financial and reputational damage.

Why Is Credential Harvesting Becoming More Prevalent?

Technology is often a double-edged sword; convenient login features, such as autofill password capabilities, may be nice luxuries, but they are susceptible to several credential-harvesting tactics. Many websites and apps offer quicker login features, such as single sign-on capabilities, allowing users to input their credentials without ever needing to do so again.

While this is a convenient feature, it also makes your systems extremely vulnerable to credential-compromising tactics. Threat actors know this and understand single sign-on sometimes bypasses any other verification measures, giving them quick and easy access to sensitive data. 


How Threat Actors Pair Phishing With Credential Harvesting

Business Email Compromise (BEC)

Threat actors see untrained employees of organizations as easy targets for cyber threats, such as BEC attacks.

BEC attacks occur as a result of threat actors using social engineering and credential phishing tactics to gain access to corporate and executive-level email accounts. By posing as an executive or employee, threat actors may use BEC attacks to solicit payments or higher-level credentials to access sensitive data.

Clone Phishing

Clone phishing is a type of credential harvesting that’s difficult to notice if you or your employees are not careful. This phishing attack occurs when a threat actor creates an almost indistinguishable cloned email of an email that’s already been sent.

The threat actor will often clone an email that has an attachment already, except in the cloned email, they will attach malicious code to a link or file. They may even change the subject line to acknowledge that it’s being resent, such as “just in case you didn’t get the first email” or “resending this for your convenience.”

Info-Stealing Malware

Info-stealing malware is a type of malware that enables credential compromise, such as usernames and passwords, from multiple locations, like web browsers and email apps.

This malware is deployed using the Trojan horse tactic; threat actors attach info-stealing malware to phishing emails or text messages, prompting the target to open the message without realizing the malware is attached to the file.

Info-stealing malware can even compromise personal and financial credentials to access payment information.


Pharming is a credential harvesting tactic in the form of a phishing attack that involves the threat actor tricking the target into installing malicious code onto their device and prompting them to visit a fake website where they will then be asked to insert their login credentials.

The website may be a nearly identical replica of an organization’s website and target employees who are none the wiser. Another example could be the website of a financial institution, such as a bank, allowing the threat actor to compromise the login credentials for payment information.

Evil Twin Phishing

The Evil Twin credential phishing attack involves the threat actor creating a false Wi-Fi network that replicates the one(s) your organization uses. Once an employee connects to the fake Wi-Fi network, the threat actor can access and steal any information provided by the targeted employee.

For example, Once connected to the threat actor’s Wi-Fi network, an employee may input login credentials to sensitive data, enabling the threat actor to steal that login information to access your private data.

While most devices automatically connect to networks after the first time, new employees or employees who need to reconnect to your Wi-Fi network manually could be at risk of Evil Twin phishing attacks.


Get the Step-by-Step Guide for Avoiding Cyber Threats

With the various types of cyber threats your enterprise must be conscious of, protecting against them all can be incredibly challenging without the right tools, support, and resources.

Our team of cybersecurity professionals has created a guide designed to help enterprises like yours avoid the most devastating cyber attacks.

Download your copy of Learn to Avoid Cyber Threats in 5 ½ Easy Steps today.

New call-to-action

Topics: Password Management

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›

Understanding Post-Inoculation Cybersecurity Attack Vectors

If you’ve recently improved your cybersecurity posture, you should know that the work to protect your company’s data is not over.

Read more ›

Password Management Best Practices: How Secure Are Password Managers?

Password managers are convenient tools for storing, organizing, and accessing passwords. But are they safe from cyber attacks?

Read more ›