Credential Phishing
A phishing attack specifically designed to steal usernames and passwords by directing victims to fake login pages.
Also known as: login phishing, password phishing, account phishing
Last reviewed: 1 June 2026
Credential phishing is a targeted form of phishing in which the goal is not to install malware but to harvest login credentials. Victims receive a convincing message — by email, SMS, or social media — urging them to click a link that leads to a spoofed login page closely mimicking a legitimate service (bank, email provider, social network, cloud platform). When the victim enters their credentials, they are captured by the attacker's infrastructure and the victim may be transparently redirected to the real site to avoid suspicion.
Credential phishing pages are often served from compromised legitimate websites, newly registered lookalike domains, or open-redirect vulnerabilities on trusted domains. Phishing kits automate the creation and deployment of convincing replicas and may include features to bypass or forward two-factor authentication codes in real time.
Harvested credentials are used directly for account takeover, traded on dark-web markets, or fed into credential-stuffing tools that test them across hundreds of other services. Volume is key: even a low success rate across millions of phishing emails yields thousands of valid credentials.
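The three delivery patterns described above (lookalike domains, a trusted brand name placed as a subdomain of an unrelated domain, and open redirects that carry the destination as a query parameter) can be triaged mechanically before a link reaches a user. The following script is an added example and not part of this glossary entry; the protected-domain list, the homoglyph table and the sample URLs are constructed for illustration, and the registrable-domain logic assumes a plain two-label suffix (no public suffix list).

```python
"""Defensive triage of links for credential-phishing indicators.

Added example (not from the glossary entry). Flags a URL when:
  1. its registrable domain is a homoglyph or one-character typo of a
     protected brand domain (lookalike_domain),
  2. a protected brand label appears as a subdomain of an unrelated
     registrable domain (brand_as_subdomain), or
  3. a query parameter carries an absolute URL, the shape an open
     redirect takes; the embedded URL is then triaged recursively
     (redirect_parameter).
"""
from urllib.parse import parse_qsl, urlsplit

# Constructed list of domains the organisation wants to protect.
PROTECTED_DOMAINS = ["example-bank.com", "outlook.com", "example.com"]

# Substitutions commonly used in lookalike registrations (constructed table).
# Multi-character entries come first so "rn" folds to "m" before "1" folds to "l".
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def normalize_label(label):
    """Fold homoglyphs and hyphens so '0utl00k' and 'outlook' compare equal."""
    label = label.lower()
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label.replace("-", "")


def registrable_domain(host):
    """Last two labels of the host. Assumption: no public suffix list, so
    suffixes such as 'co.uk' are not handled by this simplified version."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_url(url, depth=0):
    """Return a list of (finding, detail) tuples for one link; empty means
    no indicator matched. 'depth' bounds recursion into redirect targets."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host or depth > 2:
        return findings

    reg = registrable_domain(host)
    reg_label = reg.split(".")[0]
    sub_labels = host.split(".")[:-2]  # labels left of the registrable domain

    if reg not in PROTECTED_DOMAINS:
        for brand in PROTECTED_DOMAINS:
            brand_label = brand.split(".")[0]
            if brand_label in sub_labels:
                findings.append(("brand_as_subdomain", f"{brand} inside {host}"))
            norm_host = normalize_label(reg_label)
            norm_brand = normalize_label(brand_label)
            # Exact match after folding, or a single edit on a long enough
            # brand label (short labels would produce too many false positives).
            if norm_host == norm_brand or (
                len(norm_brand) >= 5 and edit_distance(norm_host, norm_brand) == 1
            ):
                findings.append(("lookalike_domain", f"{reg} resembles {brand}"))

    # An absolute URL inside a query value is the open-redirect shape; the
    # trusted outer host is exactly why such links pass a casual glance.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.startswith(("http://", "https://", "//")):
            findings.append(("redirect_parameter", f"{key} -> {value}"))
            findings.extend(triage_url(value, depth + 1))
    return findings


if __name__ == "__main__":
    # Constructed sample links, as they might arrive in a mail-gateway feed.
    samples = [
        "https://login.outlook.com/?client=1",
        "https://0utl00k.com/login",
        "https://outlook.com.login-verify.net/",
        "https://example.com/redirect?next=https://examp1e-bank.com/login",
    ]
    for sample in samples:
        print(sample, "->", triage_url(sample) or "clean")
```

The redirect check deliberately keeps inspecting the embedded URL rather than stopping at the trusted outer domain, because the outer domain being legitimate is the whole point of the open-redirect variant; the recursion depth cap prevents a chain of redirect parameters from being used to exhaust the checker.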
Examples
- An employee receives an email appearing to come from their company's IT department, clicks a link to a convincing fake Outlook login page, and unknowingly submits their credentials to attackers.