How many times have you heard ‘Think before you click’ from the IT guy? This rule is to be remembered for every link you receive in an email, especially nowadays, when phishing attacks are on the rise.
In a study entitled “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials”, Google researchers analyzed the 12-month period between March 2016 and March 2017. After crunching through all the data, what they found raised a red flag – and helps us understand the risks that all internet users are exposed to.
The researchers identified 788,000 potential victims of off-the-shelf keyloggers, 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed through data breaches and traded on black market forums often called the ‘dark web’. These victims span the entire globe, so it’s a threat for everybody.
According to this study, the risk of a full email takeover depends significantly on how attackers first acquire the victim’s re-used credentials. Only 7% of the victims in third-party data breaches have their current Google password exposed, compared to 12% of keylogger victims and 25% of phishing victims.
What Is Phishing?
Cyber criminals try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. You might have heard such a warning from the IT security department: don’t click on links that look suspect. Think of an unexpected email that promises a hilarious video, or that appears to come from a trustworthy source or a service you regularly use.
These emails are designed to trick you into clicking on malicious links or attachments. The website the link leads to may look legitimate, but if you inspect it carefully you will find various differences when compared to the real deal. The malicious site is designed to trick the user into divulging sensitive information – particularly usernames and passwords or banking information – or simply into downloading and installing malware that infects the computer.
Compared to phishing attacks – in which emails are sent to any random account – spear-phishing is a targeted attack. These kinds of emails are designed to appear to come from someone the recipient knows and trusts, and can even include a subject line tailored to the recipient’s personal interests.
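The link inspection described above can be partly automated. The following Python sketch is an added example, not code from Google or from the study: it pulls every link out of an HTML email body and reports the ones whose destination does not match what the reader is shown. The `TRUSTED` list, the helper names and the sample message are assumptions constructed for illustration.

```python
import contextlib
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}  # assumption: domains the recipient really uses
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, read back at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):
    # True only for the domain itself or a real subdomain of it
    return host == domain or host.endswith("." + domain)

def link_warnings(href, text):
    host = (urlsplit(href).hostname or "").lower()
    warnings = []
    with contextlib.suppress(ValueError):  # ValueError means "not an IP"
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain")
    for shown in DOMAIN_RE.findall(text.lower()):
        if not under(host, shown):
            warnings.append(f"text shows {shown} but link goes to {host}")
    for good in TRUSTED:
        if good.split(".")[0] in host and not under(host, good):
            warnings.append(f"{host} borrows the name of {good}")
    return warnings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {h: w for h, t in parser.links if (w := link_warnings(h, t))}

# Constructed sample body using reserved test names, not real traffic
SAMPLE = """<a href="http://accounts.google.com.login-check.test/signin">https://accounts.google.com</a>
<a href="https://accounts.google.com/signin">Sign in</a>
<a href="http://192.0.2.10/video">Watch this hilarious video</a>"""
```

Calling `scan_email(SAMPLE)` flags the first and third links and leaves the genuine sign-in link alone. A clean result only means these three checks passed, not that the message is safe.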
Google’s Actions to Shut Down Phishing
As explained by Google’s director of counter-abuse technology, the search giant and email service provider has implemented a multilayer account protection strategy known as defense in depth. The first layer between phishers and Gmail accounts is an automated bulk filtering process. In fact, Google actually blocks up to 90% of emails before they even reach the account.
Google also uses a measurement tool that it calls ‘sender reputation’ to determine whether the sender is a malicious or a legitimate account. It also scans for bad links, before finally subjecting messages that pass the first layers of defense to more intense filtering. In the end, if it finds the email suspicious, you will likely find the email in the spam folder.
In addition to the measures described above, Google has other security measures that it provides to its users, but these are downloaded only by those who are security aware. Firstly, there is Password Alert, a service that warns users they have typed their Gmail password into a fake login page, and secondly there is the Google Advanced Protection Program.
But before you start using either of these services there are some steps Google – just like any other internet security professional – recommends:
- Create strong passwords.
- Use unique passwords for every account.
- Keep track of multiple passwords.
- Activate two-step verification.
We all know that it is impossible to remember the unique passwords of hundreds of online accounts we all have, so for that – and to help create cryptographically secure passwords – use a password manager. Check out our reviews section to pick the one that suits your needs.