Hackers use phishing to steal Google accounts

by Linas Kiguolis - - 2017-11-12

IT experts report that phishing is still the most effective method to steal credentials

Hackers manage to get 250 000 valid log-in names and passwords of Google accounts via phishing

According to the latest analysis of Google security experts, hackers are capable of hijacking up to 250 000 Google accounts weekly and the number is only increasing^[1]. Researchers had been following the underground market where most of the valid passwords and log-in names are sold by criminals. During the 12 month research, they found:

1.9 billion account details are obtained from security breaches at well-known companies, such as Equifax^[2];
12 million credentials are swindled via phishing attacks;
788 thousand are generated by keyloggers.

The research has also revealed that phishing^[3] is the most significant threat to the nowaday's computer user, since various tests show that it can help harvest almost 234 thousand valid usernames/passwords. In the meanwhile, only 15 thousand of logins are obtained by keyloggers^[4].

Just like years ago, the most common passwords used by regular users:

123456; 1234567; 12345678; 123456789; password; password1; 111111; qwerty

Thus, it reveals that people are still lacking of the IT knowledge to protect their personal information from criminals.

People do not provide device details or current location easily

On the other hand, IT professionals mark out people's carefulness when they are asked to reveal their IP address and location – the percentage of users willing to give their IP address or other relevant device details is only 3.8%.

It seems that such carefulness really pays off – people who experienced an account hijacks were keen to submit information about their current location.

Google takes precautionary measures to help the victims

Google team reported that the research was supposed to determine methods used by hackers to hijack active accounts and improve their security services in this way. According to company's blog, now, when they can record log-in location and device details, they will be working on preventing criminal attacks.

Unfortunately, only 3.1% people have already started using the improved security services after encountering an account hijack. Yet, Google encourages users opting for their two-stage authentication mechanism^[5] and other precautionary measures.

This research is an excellent indicator showing the major problem that is not going to fade away unless people finally educate themselves about the importance of internet security.

About the author

Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

References

^ Technology. Phishing Helps Hackers Hijack Google Accounts. BBC. News.
^ 2 Spyware news. 2Spyware. Security and spyware News.
^ Junxiao Shi, Sara Saleem. Phishing. The University of Arizona. Computer Science.
^ Nikolay Grebennikov. Keyloggers. How They Work and How to Detect Them. Securelist. Information about Viruses, Hackers and Spam.
^ 2-step Verification. Google. Stronger Security for Your Google Account.