What is credential harvesting?

Credential harvesting is the gathering of compromised user credentials (usernames and passwords). Malicious individuals can find this information on sites like pastebin or on the dark web where compromised credentials are widely shared by malicious persons to gain access to sensitive data.

What should you do?

1- Pay Close Attention to the URL

In the example below, this malicious website mimcs our login page. As you can see, the URL address is not the correct one and you shall not enter your credentials.

Security warning

2- Check the Connection Security Indicators: Back to the address bar. If the last point didn’t underscore the importance of this browser feature—this one should drive the point home. Within the address bar are several connection indicators that let you know whether your connection with this website is private.  “Not Secure” warning on all websites will give you an immediate visual indication that your connection is not secure. However, a secure connection doesn’t necessarily equate to a safe website. Lots of fake websites use free SSL certificates. Just because the connection is secure (which should be mandatory), you don’t necessarily know who is on the other end of that connection. To verify a website’s HTTPS connection, you can also try this SSL checker tool.