Phishing has been discovered to be the Biggest Online threat Among Others

Doris Richards
November 13, 2017

Third-party was responsible for stealing 3.3 billion credentials, while keyloggers and phishing breaches uncovered 788,000 and 12 million credentials respectively.

Google recommends protecting yourself by visiting its Security Checkup page and allowing Chrome to automatically generate passwords for your accounts and save them via Smart Lock. "We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user".

During the study's timeline, Google determined that, unfortunately, most users who fell victim to a phishing attack remained unaware that their account was at risk.

The study took place from March 2016 to March 2017 and the research focused primarily on tracking several large black markets trading in third-party password breaches and 25,000 blackhat tools utilised for phishing and keylogging.

Keylogging uses malicious software installed on an infected device to record user keystrokes, enabling bad actors to access others' login credentials.


"Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms' usernames and passwords on black markets", said Google. "Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution", they noted. Google pats itself on the back in its blog post, but the underlying message for Google account holders is to take advantage of the security tools that the company provides.

However, Google advised users to follow few simple steps to avoid such online hacks and said that it will help to make the account more secure.

The research has given Google some useful data that it has already put into action. So, now Google is being more serious to better understand how the hijackers break passwords and other critical sensitive information.

This study was demonstrated at the Conference on Computer and Communications Security or CCS, and it has been published on Google's Research website. The new features include default encryption, permission checks, support for cross-region replication of objects, support for object replicaton with Amazon's Key Management Service, and detailed inventory reporting. The issue does not arise because of the lack of security on the side of the account provider, but in most cases because of human error.

Other reports by Iphone Fresh

Discuss This Article

FOLLOW OUR NEWSPAPER