Phishing helps hackers steal Google accounts


Many people still use passwords that are really easy to guess

Cyber-thieves grab roughly 250,000 valid log-in names and passwords for Google accounts every week, research suggests.

The study by Google and UC Berkeley looked at the ways email and other accounts get hijacked.

It used 12 months of log-in and account data found on websites and criminal forums or that had been harvested by hacking tools.

Google said the research helped secure accounts by showing how people fell victim to scammers and hackers.

During the 12 months spent studying the underground markets, the researchers identified more than 788,000 credentials stolen via keyloggers, 12 million grabbed via phishing and 1.9 billion from breaches at other companies.

Phishing involves attempts to trick people into handing over personal information, and keyloggers are programs that record every key someone presses when using a computer.

Physical location

The most useful data for cyber-thieves came from keyloggers and phishing attacks, as these contained valid passwords in 12%-25% of attacks, it found.

Phishing attacks posed the biggest risk to users, as these helped malicious hackers scoop up about 234,000 valid names and passwords every week. By contrast, keyloggers only yielded about 15,000 valid credentials every week.

Cyber-attackers also sought to grab other data that could be useful in attacks, said the researchers.

Data about a person’s internet address (IP), as well as the device they were using and their physical location, were all potentially useful for attackers seeking to beat security checks.

Popular passwords found in data breaches

  • 123456
  • password
  • 123456789
  • abc123
  • password1
  • 111111
  • qwerty
  • 12345678
  • 1234567

Gathering this data was much harder, the research found, with only 3.8% of people who had credentials leaked also giving up IP addresses and fewer than 0.001% surrendering detailed device information.

In a blog, Google said it would use the results of the research to refine the ways it spotted and blocked attempts to take over accounts. In particular, it would enhance efforts to use historical data about where users logged in and the devices they used to thwart impersonation attacks.

However, the researchers acknowledged that the “multi-pronged problem” of account hijacking required efforts in lots of different areas.

It noted that only 3.1% of people who had an account hijacked subsequently started using improved security measures, such as two-factor authentication, after they regained control of a lost account.

Because of this, they said, educating users about better ways to protect accounts should become a “major initiative”.