Google Study Finds Phishing a Bigger Threat for Users Than Third-Party Data Breaches
Phishing attacks via fake emails pose the greatest threat to people, followed by keyloggers and third-party breaches as account hacking increases globally, a new Google study has revealed. Keystroke logging is a type of surveillance software that once installed on a system, has the capability to record every keystroke made on that system. The recording is saved in an encrypted log file.
According to Google, enterprising hijackers are constantly searching for, and can find, billions of different platforms' usernames and passwords on black markets. A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging. "In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches," Google said in a blog post late on Friday.
Account takeover, or 'hijacking', is a common problem for users across the web. More than 15 per cent of Internet users have reported experiencing the takeover of an email or social networking account.
"From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data," said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google. The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.
"While our study focused on Google, these password-stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12 percent of the exposed records included a Gmail address serving as a username and a password," the blog post read.
"Visit Google's Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock," Google cautioned.
Read full article at link below: