Credential Harvesting
The process of collecting usernames, passwords, and other authentication credentials through phishing sites, malware, or data breaches.
Overview
Credential harvesting is a primary objective of many cyberattacks. Attackers create fake login pages that mimic legitimate services, deploy keyloggers, or exploit data breaches to collect credentials. These stolen credentials are then used for account takeover, sold on dark web markets, or used in credential stuffing attacks. The prevalence of password reuse across services makes harvested credentials extremely valuable. Organizations face significant risk when employee credentials are compromised, as attackers can access corporate systems, email, and sensitive data.
Real-World Examples
- ▸Fake Microsoft 365 login pages
- ▸Phishing emails leading to credential capture forms
- ▸Malware that records keystrokes
Related Terms
Protect Against Credential Harvesting
PhiShark's agentic AI detects and analyzes threats in real-time
Start Free Trial