2 min read

Phishing is the greatest threat to account-based online services – research

Filip TRUȚĂ

November 14, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishing is the greatest threat to account-based online services – research

Internet giant Google has teamed up with the University of California, Berkeley to better understand how hijackers manage to trick users into taking over their online accounts via keyloggers, phishing attacks, or by using data exposed in large breaches.

By tracking black markets that traded third-party password breaches, as well as blackhat tools for phishing and keylogging, the team found that 788,000 credentials were stolen via keyloggers between March 2016 and March 2017.

During the same period, 12 million credentials were stolen via phishing, and 3.3 billion credentials were exposed by third-party breaches.

Looking at data breaches only, the team found that 12% of the exposed records included a Gmail address serving as a username and a password, while 7% of those passwords proved valid for reuse.

Attacks leveraging phishing schemes and keyloggers also successfully targeted Google accounts, with 12-25% of attacks yielding a usable password.

To its defense, Google notes that, while its study focused on its own user base, “these password stealing tactics pose a risk to all account-based online services.”

Google”s research further uncovered that, because it uses various safeguards to prevent hackers from stealing user credentials, hijackers are employing increasingly sophisticated methods to try to collect sensitive data that the company may request when verifying an account holder”s identity.

In other words, both the vendor and the user must guard against scams.

Google lists a number of safeguards that users can leverage to detect phishing attacks, but doesn”t mention dedicated anti-malware solutions with anti-spam and anti-phising mechanisms.

“We found 82% of blackhat phishing tools and 74% of keyloggers attempted to collect a user”s IP address and location, while another 18% of tools collected phone numbers and device make and model,” write Kurt Thomas, of the Anti-Abuse Research team, and Angelika Moscicki, of the Account Security team.

“By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches,” Google says.

Google is publishing this information so other vendors of online services can use the data to better secure their offerings.

The company further notes that all account-based online services should “supplement their authentication systems with more protections beyond just passwords.”

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read