Internet Security News: Google Study Shows Phishing Is Leading Threat to Users
A recently published study by Google revealed that people's data were more likely to be breached through phishing attacks.
As technology advances and the internet grows, people undeniably become more vulnerable to security and privacy attacks. Just this year alone, there have been several worldwide data breaches that have rattled international business operations, government institutions and private organizations.
While many cyber crooks are on the loose, Google recently concluded that people were more likely to become victims of cyber attacks caused by a trick called phishing, which was relatively less complicated than other forms of hacking activities.
Get Our Latest News for FREE
Phishing is one of the most commonly used cyber attacks. Its main goal is to obtain a person's online credentials such as usernames, email addresses, passwords, security questions and their answers, credit card numbers and more.
To accomplish the task, an attacker normally uses bogus but believable identities that try to persuade a target to log on to a fake website.
These websites were designed to imitate the exact appearance of legitimate sites, thus people could be tricked into putting their credentials without knowing that every detail they entered went straight to the attacker or were sent to what Google called the "exfiltration points."
In Google's study, the company learned that in just one year (March 2016 to March 2017), there have been "12.4 million potential victims of phishing kits" while "1.9 billion usernames and passwords" were unveiled in data breaches. These pieces of information were then "traded on black market forums."
Google learned that Gmail counts for 72.3 percent of the exfiltration points used over the course of their year-long research. While gathering this data, Google said: "We modify Gmail's anti-abuse detection systems to apply our rules to all inbound messages over the course of March, 2016–March, 2017 to identify the exfiltration points receiving stolen credentials."
Within that period, they noted "12,449,036 messages (excluding 0.8% filtered due to lacking at least 20 credentials) sent to 19,311 exfiltration points" on Gmail alone, which gives people an idea of how huge the phishing operations are.
In the end, Google maintained they intend to use their findings to "to improve our login defenses for all users." The company added: "Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution."
