Credential Harvesting

Techniques attackers use to steal usernames, passwords, or authentication tokens.

What it is

Credential harvesting encompasses phishing pages, spoofed single sign-on prompts, malicious browser extensions, injected keyloggers, and credential-stealing malware designed to capture login secrets. Adversaries clone legitimate login experiences, embed scripts on compromised sites, or intercept authentication flows to siphon usernames, passwords, cookies, and MFA tokens. The stolen data fuels account takeover, privilege escalation, and follow-on attacks across any system where users reused credentials.

Why it matters

Valid credentials let attackers impersonate users, bypass many perimeter defenses, and blend into normal traffic. Because password reuse is rampant and cloud dashboards often expose the same identity provider across dozens of services, one successful phish can cascade across customer portals, SaaS platforms, and administrative consoles. Even mature programs that patch quickly are at risk if attackers can simply log in with real accounts and pivot quietly.

How to reduce risk

  • Enforce phishing-resistant multi-factor authentication and hardware-backed keys wherever possible.
  • Train users to recognize spoofed login flows, lookalike domains, and suspicious MFA prompts, and make reporting easy.
  • Monitor for anomalous logins such as impossible travel, new device fingerprints, or atypical API usage, and automatically step up authentication.
  • Require unique, strong passwords supported by password managers and scan for exposed credentials on dark web or breach feeds.
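
The anomalous-login monitoring in the third bullet can be sketched as follows. This is an added example, not code from the glossary's publisher: it flags impossible travel and unseen device fingerprints per user and returns a step-up decision. The event fields, the 900 km/h speed ceiling, the 50 km minimum distance, and the sample logins are all constructed assumptions, and coordinates are assumed to be already resolved from the source IP.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed
MIN_KM = 50.0    # assumed floor, so geolocation jitter is not flagged

# Constructed sample login events: (user, ISO time, lat, lon, device fingerprint)
EVENTS = [
    ("alice", "2024-05-01T08:00:00", 51.5074, -0.1278, "dev-a1"),   # London
    ("alice", "2024-05-01T09:00:00", 40.7128, -74.0060, "dev-a1"),  # New York, 1 h later
    ("bob",   "2024-05-01T08:00:00", 48.8566, 2.3522, "dev-b1"),    # Paris
    ("bob",   "2024-05-01T12:00:00", 52.5200, 13.4050, "dev-b2"),   # Berlin, new device
    ("bob",   "2024-05-02T08:00:00", 52.5200, 13.4050, "dev-b2"),   # Berlin, known device
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def evaluate_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return one (user, time, decision, reasons) tuple per event, in time order."""
    last_seen = {}  # user -> (time, lat, lon) of the previous login
    devices = {}    # user -> fingerprints already seen for that user
    results = []
    for user, ts, lat, lon, fp in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        if user in last_seen:
            prev_when, plat, plon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(plat, plon, lat, lon)
            # Real distance covered in zero elapsed time is also impossible travel.
            if km > min_km and (hours <= 0 or km / hours > max_kmh):
                reasons.append("impossible_travel")
        # The first login for a user only establishes the device baseline.
        if user in devices and fp not in devices[user]:
            reasons.append("new_device")
        last_seen[user] = (when, lat, lon)
        devices.setdefault(user, set()).add(fp)
        results.append((user, ts, "step_up" if reasons else "allow", reasons))
    return results

if __name__ == "__main__":
    for row in evaluate_logins(EVENTS):
        print(row)
```

A `step_up` decision here would feed the identity provider's re-authentication flow; in production the baseline of known devices and last locations would come from persisted login history rather than an in-memory dictionary.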