Credential harvesting
The most common security incidents result from account compromises due to credential theft. Credential harvesting is a technique an attacker uses to compromise user credentials. There are various ways to steal credentials from a victim; in this section, we will discuss one of them: phishing.
Phishing is a technique where an attacker constructs a website designed to look and feel like a legitimate website in an attempt to trick a user into providing their credentials or other sensitive information. Typically, an attacker will host this fake web page on a web server that they control and will send the link to victims through e-mail, social networking, or other communication tools. The attack succeeds if the user follows the link and submits their credentials, which the attacker then captures. This attack, when combined with MITM, can yield a higher rate of success since the attacker is in control of other services, such as DNS, which the...