“What we learned from the research proved to
be immediately useful. We applied its insights to our existing protections and
secured 67 million Google accounts before they were abused.” – Google 2017
The three greatest threats to users
According to
Google, phishing attacks – which in
case you don’t know are a method by which hackers trick you into revealing
personal information – pose the “greatest
threat” to its service users.
Over a period of a
year, Google researched ways in which
hackers steal users’ passwords to break into their accounts. The research showed that 788,000 login credentials were
stolen via keyloggers – which are tools that secretly record every key pressed
– 12 million credentials were stolen as a result of a phishing attack, and 3.3
billion credentials were exposed by third-party data breaches.
Google said, “By ranking the relative risk to users, we found that phishing posed
the greatest threat, followed by keyloggers, and finally third-party breaches.”
According to
Google, 12-25 per cent of phishing and keylogger attacks against users’ accounts
reveal a valid and useful (to the hackers!) password.
Shocking figures… but hackers are going even
further than this…
In case a password is not enough to hijack an
account, hackers are also using tools to work out device types and locations,
phone numbers, and IP addresses!
Google and UC
Berkeley collaborated to analyse black markets
Between March 2016 and March 2017, Google and
UC Berkeley teamed up to analyse black markets trading in third-party password
breaches. Their analysis showed that 25,000 blackhat tools were used for
phishing and keylogging.
Google has
repeatedly warned about the dangers of phishing and keylogging attacks, but
despite this, it discovered that 12 per cent out of the 3.3 billion leaked
records included a Gmail address, with seven per cent
of the passwords being valid – this is a direct result of Gmail account owners continuously
reusing them.
Google confirmed that, “Our findings were clear: enterprising hijackers are constantly
searching for, and are able to find, billions of different platforms’ usernames
and passwords on black markets.”
Although the research
concentrated specifically on Google accounts, the company warned that these hijacking
tactics were a risk to accounts on all other online platforms as well.
How
can you protect yourself with Google’s help?
- Visit
your Google Account’s Security Check-Up Page – which shows you how to
protect yourself. - Use
Google Chrome to
generate passwords for your accounts automatically. - Check
out Smart Lock. The
passwords generated by Chrome will be saved automatically via Smart Lock. Smart
Lock makes it easy to keep your devices and your accounts safe.
Google finishes by saying, “Finally, we regularly scan activity across
Google’s suite of products for suspicious actions performed by hijackers and
when we find any, we lock down the affected accounts to prevent any further
damage as quickly as possible.”
“We
prevent or undo actions we attribute to account takeover, notify the affected
user, and help them change their password and re-secure their account into a
healthy state.”
To sum up, if you are a Gmail
account user, it makes a great deal of sense to follow the above advice to keep
your accounts safe. At the very least, make sure you regularly update your
password using a mixture of upper and lower-case letters, numbers, and symbols.
Try taking preventative measures, especially if you are a small business. To protect your business and even find out when a virus or other malware has entered your network, use smartmonitorlite.