IT experts report that phishing is still the most effective method to steal credentials
According to the latest analysis of Google security experts, hackers are capable of hijacking up to 250 000 Google accounts weekly and the number is only increasing. Researchers had been following the underground market where most of the valid passwords and log-in names are sold by criminals. During the 12 month research, they found:
- 1.9 billion account details are obtained from security breaches at well-known companies, such as Equifax;
- 12 million credentials are swindled via phishing attacks;
- 788 thousand are generated by keyloggers.
The research has also revealed that phishing is the most significant threat to the nowaday's computer user, since various tests show that it can help harvest almost 234 thousand valid usernames/passwords. In the meanwhile, only 15 thousand of logins are obtained by keyloggers.
Just like years ago, the most common passwords used by regular users:
123456; 1234567; 12345678; 123456789; password; password1; 111111; qwerty
Thus, it reveals that people are still lacking of the IT knowledge to protect their personal information from criminals.
People do not provide device details or current location easily
On the other hand, IT professionals mark out people's carefulness when they are asked to reveal their IP address and location – the percentage of users willing to give their IP address or other relevant device details is only 3.8%.
It seems that such carefulness really pays off – people who experienced an account hijacks were keen to submit information about their current location.
Google takes precautionary measures to help the victims
Google team reported that the research was supposed to determine methods used by hackers to hijack active accounts and improve their security services in this way. According to company's blog, now, when they can record log-in location and device details, they will be working on preventing criminal attacks.
Unfortunately, only 3.1% people have already started using the improved security services after encountering an account hijack. Yet, Google encourages users opting for their two-stage authentication mechanism and other precautionary measures.
This research is an excellent indicator showing the major problem that is not going to fade away unless people finally educate themselves about the importance of internet security.