Credential theft is a big problem for companies of all sizes, industries, and geographies. The 2022 Verizon Data Breach Investigations Report cited that nearly 50% of all data breaches were caused by stolen credentials. Even after years of concerted efforts to curb credential theft, including warnings, changing password requirements, and multiple forms of authentication, credential theft remains a top attack method used by cybercriminals. This glossary page provides an overview of credential theft attacks, the types of credential theft attacks, how these attacks work, and how to protect against them.


What Are Credential Theft Attacks?

Credential theft attacks are cyberattacks that target sensitive information such as usernames, passwords, and credit card information. They are typically carried out by malicious actors who seek to access web accounts, email accounts, bank accounts, or other personal information that can be used for financial gain or to commit identity theft. Criminals often use phishing, malware, keylogging, or other techniques to obtain credentials or use stolen credentials for further access.

Types of Credential Theft Attacks

As more sensitive content like personally identifiable information/protected health information (PII/PHI), financial account information, and intellectual property moves online, the threat of identity theft is continuously on the rise. Attackers employ a variety of different methods to obtain the credentials that provide access to this confidential information. Credential theft attack methods include:


Phishing is the method of stealing credentials through authentic-looking emails, text messages, or pop-up windows. Attackers try to trick users into providing their sensitive information, such as usernames and passwords, typically onto a fake landing page that’s made to look authentic but is really a site set up and controlled by the cybercriminal.


Keylogging is a type of attack where malicious software is installed on a user’s computer, allowing the attacker to record all keystrokes entered. Once these keystrokes, typically the numbers and letters used to enter a username and password, are intercepted, the attacker can reuse the login credentials to illegally enter systems holding sensitive information.

Social Engineering

Attackers also frequently use social engineering tactics to gain access to user credentials. Social engineering attacks involve an attacker impersonating a trusted individual and manipulating employees into revealing passwords, or tricking them into clicking links that install malware on their systems. Phishing is a form of social engineering; however, phishing is done without an interaction between the victim and the attacker.

Shoulder Surfing

Shoulder surfing attacks are conducted using visual observation to gather credentials from unsuspecting victims. An attacker, for example, may look over an employee’s shoulder to see the employee access or view sensitive information. Shoulder surfing attacks can be done in person or remotely, such as through the use of surveillance cameras.

Dumpster Diving

In dumpster diving attacks, attackers rummage through physical or digital trash for discarded papers or electronic files that contain valuable information.

Brute Force Attack

Attackers use automated programs to guess passwords. This can be done by trying common passwords or running sophisticated algorithms to crack passwords.

Common Targets of Credential Theft Attacks

Credential theft attackers are in search of sensitive information such as usernames, passwords, and credit card numbers. Some of the most common targets for this information include:

  • Online banking accounts
  • Email accounts
  • Social media accounts
  • Corporate networks
  • Payment systems
  • Cloud storage accounts
  • Medical records
  • Credit records
  • Password databases
  • Government databases

Credential Theft and the Dark Web

Once the criminals have the credentials, they can sell them on the dark web. The dark web is a part of the internet that is not indexed by search engines and requires specific software and configurations to access. It is often referred to as the “underground” or “shadow” internet, and is home to many online marketplaces that offer stolen credentials for sale. In the dark web, criminals can easily buy and sell stolen credit card numbers, passwords, and other sensitive data without fear of being caught.

How to Protect Against Credential Theft Attacks

Protecting against credential theft attacks is essential for both individuals and organizations. To protect against these types of attacks, organizations should implement appropriate security measures such as restricting access to sensitive information, encrypting data, monitoring networks for suspicious activity, and educating users on the importance of using strong passwords. Organizations should also regularly audit their systems to ensure security measures are effective and up to date, and use the latest software, such as network intrusion prevention systems and firewalls.

At a personal level, individuals should use strong, unique passwords for all accounts and regularly change them. Common passwords such as your name, birth date, or common words should also be avoided. Two-factor authentication should be used whenever possible, as it provides an additional layer of security. To further protect against credential theft attacks, users should also avoid using public computers or unsecured wireless networks, and keep software and operating systems up to date.

It’s also important to take steps to protect personal information such as credit card numbers, bank account information, and Social Security numbers. This includes not sharing this information online, on social media, or with strangers. It’s also important to be cautious when opening emails, attachments, or clicking links. Phishing is a common credential theft attack, and users should be mindful of what they click and share.

Credential theft attacks can be prevented by implementing appropriate security measures both at an organizational and personal level. Organizations should focus on encrypting data, monitoring networks for suspicious activity, and using the latest software. At a personal level, individuals should regularly change their passwords and use two-factor authentication whenever possible. Additionally, users should take steps to protect their personal information and be cautious when clicking links or opening emails. By following these steps, organizations and individuals can protect themselves from credential theft attacks.

Frequently Asked Questions

What is the role of cybersecurity awareness training in preventing credential theft?

Cybersecurity awareness training plays a crucial role in preventing credential theft. It educates individuals and organizations on the latest threats and best practices for protecting against cyberattacks. By training employees on how to identify phishing scams and other common attack techniques, organizations can reduce the risk of credential theft.

The three most important things to keep in mind about cybersecurity awareness training are:

  • Importance of training: Cybersecurity awareness training is critical in helping individuals and organizations understand the risks of cyberattacks and how to protect themselves.
  • Ongoing training: Cybersecurity threats are constantly evolving, so training should be ongoing to ensure that individuals and organizations stay up to date with the latest threats and best practices.
  • Engaging and relevant training: To be effective, cybersecurity awareness training needs to be engaging and relevant to the audience. Training should be tailored to the specific needs of the organization and delivered in a way that is easy to understand and remember.

What is password spraying?
Password spraying is a type of cyber attack in which an attacker tries to gain access to a system or network with a list of commonly used or weak passwords. The attacker will typically use a computer program or script to guess the passwords at a very low rate, usually one or two attempts per hour, in order to avoid detection. They will also usually vary their attempts between different username and password combinations.

What are the consequences of credential theft?
The consequences of credential theft can be severe, both for individuals and organizations. Depending on the type of information or asset compromised, the consequences can include:

  • Financial loss: If cybercriminals gain access to financial accounts or sensitive information, they can use it to steal money or engage in fraudulent activities. This can result in significant financial losses for individuals or organizations.
  • Reputational damage: A security breach resulting from credential theft can damage an organization’s reputation and erode customer trust. This can have long-term implications for the business.
  • Legal action: Depending on the nature of the breach and the laws in the relevant jurisdiction, individuals or organizations can face legal action or fines for failing to protect sensitive information.

What is credential harvesting?
Credential harvesting is a type of attack in which an attacker attempts to gain unauthorized access to user accounts by stealing login credentials such as usernames and passwords. This type of attack takes advantage of users who are unaware of the best security practices and unwittingly give away their credentials. Most credential harvesting attacks are carried out through phishing, a type of social engineering attack in which malicious emails or websites are used to trick users into revealing their personal data. In credential harvesting, cybercriminals try a list of common weak passwords such as 12345678 or 000000. This method enables cybercriminals to access multiple accounts in one attack.


How Kiteworks Can Help Improve a Business’s Overall Security Posture to Prevent Credential Theft Attacks

Kiteworks can help organizations secure their data to improve their security posture against credential theft attacks. The Kiteworks Private Content Network provides organizations with a secure, compliant, and trackable method for sharing sensitive data. Trusted partners who receive sensitive information sent using Kiteworks must authenticate via secure multi-factor authentication (MFA) before accessing the content. This prevents attackers from easily obtaining access to sensitive data and services. It requires users to enter a unique PIN code and one-time password sent to their mobile device or email, making it almost impossible for attackers to access systems. By combining strong authentication with data encryption, Kiteworks creates an additional layer of security to protect systems from credential theft attacks.

Kiteworks also offers a number of threat analytics and monitoring services that detect and alert organizations to potential threats from malicious actors. These services include real-time monitoring of network activity, which allows organizations to take action before unauthorized access to sensitive data occurs. In addition, Kiteworks provides end-to-end encryption and identity management solutions that help organizations protect their systems and data against credential theft attacks. With these solutions, organizations can create and manage strong passwords, implement two-factor authentication, and encrypt data stored in the cloud.

By leveraging Kiteworks’ comprehensive suite of security solutions, organizations can improve their security posture and reduce the risk of credential theft attacks. Schedule a custom demo today and learn how Kiteworks can help protect your business against credential theft attacks.


Back to Risk & Compliance Glossary

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.


Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Get A Demo