“What we learned from the research proved to be immediately useful. We applied its insights to our existing protections and secured 67 million Google accounts before they were abused.” – Google 2017
The three greatest threats to users
According to Google, phishing attacks – which in case you don’t know are a method by which hackers trick you into revealing personal information – pose the “greatest threat” to its service users.
Over a period of a year, Google researched ways in which hackers steal users’ passwords to break into their accounts. The research showed that 788,000 login credentials were stolen via keyloggers – which are tools that secretly record every key pressed – 12 million credentials were stolen as a result of a phishing attack, and 3.3 billion credentials were exposed by third-party data breaches.
Google said, “By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.”
According to Google, 12-25 per cent of phishing and keylogger attacks against users’ accounts reveal a valid and useful (to the hackers!) password.
Shocking figures… but hackers are going even further than this…
In case a password is not enough to hijack an account, hackers are also using tools to work out device types and locations, phone numbers, and IP addresses!
Google and UC Berkeley collaborated to analyse black markets
Between March 2016 and March 2017, Google and UC Berkeley teamed up to analyse black markets trading in third-party password breaches. Their analysis showed that 25,000 blackhat tools were used for phishing and keylogging.
Google has repeatedly warned about the dangers of phishing and keylogging attacks, but despite this, it discovered that 12 per cent out of the 3.3 billion leaked records included a Gmail address, with seven per cent of the passwords being valid – this is a direct result of Gmail account owners continuously reusing them.
Google confirmed that, “Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.”
Although the research concentrated specifically on Google accounts, the company warned that these hijacking tactics were a risk to accounts on all other online platforms as well.
How can you protect yourself with Google’s help?
- Visit your Google Account’s Security Check-Up Page – which shows you how to protect yourself.
- Use Google Chrome to generate passwords for your accounts automatically.
- Check out Smart Lock. The passwords generated by Chrome will be saved automatically via Smart Lock. Smart Lock makes it easy to keep your devices and your accounts safe.
Google finishes by saying, “Finally, we regularly scan activity across Google’s suite of products for suspicious actions performed by hijackers and when we find any, we lock down the affected accounts to prevent any further damage as quickly as possible.”
“We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state.”
To sum up, if you are a Gmail account user, it makes a great deal of sense to follow the above advice to keep your accounts safe. At the very least, make sure you regularly update your password using a mixture of upper and lower-case letters, numbers, and symbols.