Account Harvesting is a cyberattack technique in which malicious actors systematically gather valid user account information, such as usernames, passwords, or other login credentials. It is typically carried out through a combination of automated tools, trial-and-error methods and social engineering, with the ultimate goal of gaining unauthorised access to systems, networks, or online accounts. Once obtained, the harvested credentials can be used to carry out further attacks, such as account takeovers, identity theft, or fraud.
Process of Account Harvesting:
- Systematic attempts to guess usernames
- Trial and error password attempts
- Exploitation of weak authentication systems
Methods:
- Brute force attacks
- Dictionary attacks
- Social engineering
Targets:
- Email accounts
- Social media profiles
- Financial services accounts
Prevention:
- Strong password policies
- Account lockout mechanisms
- Multi-factor authentication
- CAPTCHA systems
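The lockout mechanism listed above, as an added example that is not part of the original entry: a minimal login service that counts failures per account, locks the account for a fixed period after a threshold, and returns the same generic error whether the username is unknown, the password is wrong, or the account is locked, so the response itself does not confirm which usernames exist. The thresholds, the static salt, the in-memory store and the account names are assumptions made for the illustration.

```python
"""Account lockout with a uniform failure response (added example, assumptions labelled)."""
import hashlib
import hmac
import time
from dataclasses import dataclass

MAX_FAILURES = 5        # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900   # assumed policy: 15-minute lockout
GENERIC_ERROR = "invalid username or password"  # same text for every failure cause


@dataclass
class AccountState:
    password_hash: bytes
    failures: int = 0
    locked_until: float = 0.0


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is used here only so that verification has a realistic, fixed cost.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self, clock=time.time):
        self.clock = clock                      # injectable for testing
        self.salt = b"constructed-static-salt"  # assumption; real systems use per-user salts
        self.accounts: dict[str, AccountState] = {}

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = AccountState(_hash(password, self.salt))

    def login(self, username: str, password: str) -> tuple[bool, str]:
        now = self.clock()
        acct = self.accounts.get(username)
        # Hash the candidate password before checking whether the account exists,
        # so an unknown username does not return noticeably faster than a bad password.
        candidate = _hash(password, self.salt)
        if acct is None:
            return (False, GENERIC_ERROR)
        if now < acct.locked_until:
            # Locked accounts reject even the correct password until the lockout expires.
            return (False, GENERIC_ERROR)
        if hmac.compare_digest(candidate, acct.password_hash):
            acct.failures = 0
            return (True, "ok")
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
        return (False, GENERIC_ERROR)
```

A per-account lockout on its own lets anyone who knows a username lock that user out, so in practice it is paired with per-source rate limiting and multi-factor authentication rather than used alone.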
Detection:
- Monitoring login attempts
- Analysing access patterns
- Implementing intrusion detection systems
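The monitoring and access-pattern analysis listed above, as an added example that is not part of the original entry: a small detector that reads authentication log lines and raises alerts for three harvesting signatures within a sliding time window, namely many failures from one source, many distinct usernames failing from one source, and one account failing repeatedly from anywhere. The log format, the thresholds, the window length and the sample lines are all constructed for this illustration.

```python
"""Sliding-window detection of account-harvesting patterns in auth logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> src=<ip> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

WINDOW = timedelta(minutes=5)   # assumed sliding window
MAX_FAILS_PER_SRC = 10          # brute force / credential stuffing from one source
MAX_USERS_PER_SRC = 5           # distinct failing usernames from one source: enumeration or spraying
MAX_FAILS_PER_USER = 6          # one account hammered from any number of sources


def parse(line: str):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "src": m["src"],
        "user": m["user"],
        "result": m["result"],
    }


def analyse(lines):
    """Return a sorted list of (alert_type, key) tuples found in the given log lines."""
    events = [e for e in (parse(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])
    alerts = set()
    fails_by_src = defaultdict(list)    # src  -> [(ts, user), ...] within the window
    fails_by_user = defaultdict(list)   # user -> [ts, ...] within the window

    for e in events:
        if e["result"] != "FAIL":
            continue                    # successful logins are not counted here
        ts, src, user = e["ts"], e["src"], e["user"]
        cutoff = ts - WINDOW
        # Drop entries older than the window before evaluating thresholds.
        fails_by_src[src] = [x for x in fails_by_src[src] if x[0] >= cutoff] + [(ts, user)]
        fails_by_user[user] = [x for x in fails_by_user[user] if x >= cutoff] + [ts]

        if len(fails_by_src[src]) >= MAX_FAILS_PER_SRC:
            alerts.add(("brute_force_src", src))
        if len({u for _, u in fails_by_src[src]}) >= MAX_USERS_PER_SRC:
            alerts.add(("enumeration_src", src))
        if len(fails_by_user[user]) >= MAX_FAILS_PER_USER:
            alerts.add(("targeted_user", user))
    return sorted(alerts)


# Constructed sample log (documentation addresses, invented users).
SAMPLE_LOG = [
    "2024-05-01T09:00:00Z src=203.0.113.9 user=zed result=FAIL",     # outside the window, ignored
    "2024-05-01T10:00:01Z src=192.0.2.5 user=alice result=FAIL",     # ordinary typo, then success
    "2024-05-01T10:00:09Z src=192.0.2.5 user=alice result=OK",
    "2024-05-01T10:00:10Z src=203.0.113.9 user=alice result=FAIL",   # one source, many usernames
    "2024-05-01T10:00:20Z src=203.0.113.9 user=carol result=FAIL",
    "2024-05-01T10:00:30Z src=203.0.113.9 user=dave result=FAIL",
    "2024-05-01T10:00:40Z src=203.0.113.9 user=erin result=FAIL",
    "2024-05-01T10:00:50Z src=203.0.113.9 user=frank result=FAIL",
    "2024-05-01T10:01:00Z src=198.51.100.7 user=bob result=FAIL",    # one account, repeated failures
    "2024-05-01T10:01:20Z src=198.51.100.7 user=bob result=FAIL",
    "2024-05-01T10:01:40Z src=198.51.100.7 user=bob result=FAIL",
    "2024-05-01T10:02:00Z src=198.51.100.7 user=bob result=FAIL",
    "2024-05-01T10:02:20Z src=198.51.100.7 user=bob result=FAIL",
    "2024-05-01T10:02:40Z src=198.51.100.7 user=bob result=FAIL",
    "2024-05-01T10:03:00Z src=198.51.100.7 user=bob result=FAIL",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Counting distinct usernames per source separately from raw failure counts is what separates enumeration and password spraying (few attempts per account, many accounts) from a plain brute-force attempt against one account; a detector that only counts failures per source misses the low-and-slow variant.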
Account harvesting poses significant security risks and requires robust prevention measures.
