- Jan 6, 2017
- 835
Cyber-thieves’ quarter million haul of valid log-in names and passwords for Google accounts every week.
Highly skilled hackers with unbelievable know-how may be infiltrating the highest levels of government, but the day to day cybercrimes are happening in a far more mundane fashion. According to a new study conducted by Google and UC Berkley, phishing emails provide hackers with nearly 250,000 username and password combinations every week, simply by getting the victim to follow through with the instructions.
This low-key involvement on the part of the criminal has been on the rise thanks to the understanding that they can get their targets to do the dirty work for them. From supplying credentials through “verify your account” emails to basic viruses that are installed when the victim clicks the link to ransomware that shuts down entire corporate networks, many of the behaviors that harm our tech and our information can be traced back to an oblivious user.
Phishing helps hackers hijack 250,000 accounts a week, says Google study
Usernames, passwords, and more
The study was conducted in order to find out the scope of account takeover and hijacking. Apart from the username and password phishing, they also found that keylogging and repurposing information that had been stolen in previous large-scale data breaches rounded out the top ways that victims’ accounts were attacked.
Must try harder
Sadly, the report also found that the number of people who take advantage of additional security measures following having their accounts infiltrated–methods like two-factor authentication, for example–was pitifully low, literally in the single digits of percentage points.
Looking for clues
For its part, Google’s interest in the study is in identifying victim behaviors that led to the attack, as well as helping to put new security measures in place. Things like physical location as a means to determine whether or not a login might be valid can prevent someone with stolen credentials from accessing an account; of course, the end result is the frustration of having to verify your account from time to time, but that is genuinely a small price to pay to keep a hacker out.
Highly skilled hackers with unbelievable know-how may be infiltrating the highest levels of government, but the day to day cybercrimes are happening in a far more mundane fashion. According to a new study conducted by Google and UC Berkley, phishing emails provide hackers with nearly 250,000 username and password combinations every week, simply by getting the victim to follow through with the instructions.
This low-key involvement on the part of the criminal has been on the rise thanks to the understanding that they can get their targets to do the dirty work for them. From supplying credentials through “verify your account” emails to basic viruses that are installed when the victim clicks the link to ransomware that shuts down entire corporate networks, many of the behaviors that harm our tech and our information can be traced back to an oblivious user.
Phishing helps hackers hijack 250,000 accounts a week, says Google study
Usernames, passwords, and more
The study was conducted in order to find out the scope of account takeover and hijacking. Apart from the username and password phishing, they also found that keylogging and repurposing information that had been stolen in previous large-scale data breaches rounded out the top ways that victims’ accounts were attacked.
Must try harder
Sadly, the report also found that the number of people who take advantage of additional security measures following having their accounts infiltrated–methods like two-factor authentication, for example–was pitifully low, literally in the single digits of percentage points.
Looking for clues
For its part, Google’s interest in the study is in identifying victim behaviors that led to the attack, as well as helping to put new security measures in place. Things like physical location as a means to determine whether or not a login might be valid can prevent someone with stolen credentials from accessing an account; of course, the end result is the frustration of having to verify your account from time to time, but that is genuinely a small price to pay to keep a hacker out.