Account harvesting (also called an account harvest strategy) is the process of collecting user accounts for later account takeover attacks. It is generally the first step before collecting passwords or performing the takeover itself. Accounts can be collected in various ways, including malware installed on local devices, phishing, social engineering, or purchasing account lists on the dark web.

Knowing an account name alone doesn’t grant a cybercriminal access to private data, but it is the first step in many malicious activities. With a username in hand, an attacker can use scripted attempts to run through many common passwords and compromise the user’s account and the data it holds. Organizations can implement various strategies to stop account takeovers, but users should always take steps to protect their own accounts rather than relying on vendors to detect fraud before it happens.

Phishing is the most common method of account harvesting. Malware running on workstations also threatens organizations and their user accounts. Email is the most common attack vector for phishing; the payload might be a malicious website that tricks users into divulging their account information, or a malicious message attachment that executes malware. Harvested data can be sent silently to an attacker-controlled server, where user accounts are collected for future attacks. Social engineering might also be used to trick users into divulging their credentials.

Harvested accounts are stored in a list, which usually includes passwords when phishing is involved. If a targeted victim realizes they have been phished, the harvested account may no longer be valid. Most victims don’t know they have fallen for a phishing scam, however, so their accounts remain in the list. The accounts can be corporate credentials or personal credentials used in identity theft.

Some attackers validate harvested accounts using automation. With the list of accounts, a script attempts authentication on a site that lacks proper monitoring and automation controls (e.g., CAPTCHA). Usually, the attacker validates accounts against small organizations’ websites to avoid the advanced tracking and monitoring of larger organizations. The goal is to confirm which users on the list have reused the same password across multiple sites.
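The validation pattern described above has a recognizable signature on the defender's side: one source address walking through many distinct usernames in a short window with a low success rate, which is unlike a legitimate user retrying a mistyped password on a single account. The detector below is an added example, not code from the page or from TitanHQ; the log format and the sample events are constructed for the example, and the window and thresholds are assumptions to tune per site.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data): timestamp, source IP, username, outcome.
# 203.0.113.7 walks through many distinct accounts with mostly failures, the pattern of an
# attacker validating a harvested list; 198.51.100.9 is one user retyping a mistyped password.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 alice FAIL
2024-03-01T10:00:02 203.0.113.7 bob FAIL
2024-03-01T10:00:03 203.0.113.7 carol OK
2024-03-01T10:00:04 203.0.113.7 dave FAIL
2024-03-01T10:00:05 203.0.113.7 erin FAIL
2024-03-01T10:00:06 203.0.113.7 frank FAIL
2024-03-01T10:00:20 198.51.100.9 grace FAIL
2024-03-01T10:00:25 198.51.100.9 grace FAIL
2024-03-01T10:00:31 198.51.100.9 grace OK
"""

def parse_auth_log(text):
    """Parse the constructed log format into (time, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5, max_success_rate=0.5):
    """Flag source IPs that try many distinct usernames inside `window` with mostly failures.

    Returns {ip: (distinct_users, attempts, successes)} for the densest window of each flagged IP.
    A single user retrying one account never reaches min_users, so it is not flagged.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()  # the sliding window needs events in time order
        end = 0
        for start in range(len(evs)):
            while end < len(evs) and evs[end][0] - evs[start][0] <= window:
                end += 1
            chunk = evs[start:end]
            users = {e[2] for e in chunk}
            successes = sum(1 for e in chunk if e[3])
            if len(users) >= min_users and successes / len(chunk) <= max_success_rate:
                if ip not in flagged or len(users) > flagged[ip][0]:
                    flagged[ip] = (len(users), len(chunk), successes)
    return flagged
```

Running `detect_credential_stuffing(parse_auth_log(SAMPLE_LOG))` flags only 203.0.113.7, with six distinct accounts in six attempts and one success; the same logic can be pointed at real authentication logs once the parser is adapted to their format.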

Password reuse is the user mistake that makes account harvesting most dangerous. Once an attacker knows that a user has assigned the same password across multiple sites, the account can be used to access sensitive data. The attacker might not use the credentials to steal data directly; instead, the attacker might sell the list of validated credentials to third parties, who then use them to steal identities or sensitive information from the compromised accounts.

Account harvesting can be curbed with security awareness training that explains to users the dangers of reusing the same password across multiple sites. Phishing is also a danger to corporate accounts, but organizations can protect against it with strict email security and filtering that blocks suspicious messages. Antivirus software provides a final layer of protection by stopping malware from executing on a workstation or business server.

Susan Morrow

How Can TitanHQ Help?

TitanHQ offers a range of solutions to protect against account harvesting attacks. Our Anti-Spam Solution provides powerful email security to block phishing emails and malicious attachments, while our Phishing Protection Solution defends against phishing attempts through advanced filtering and simulations. Additionally, Security Awareness Training educates users on the dangers of phishing and password reuse, helping to strengthen your organization’s defense.
