Most of us are very concerned about data breaches. They have the potential to expose usernames, passwords, and other types of confidential information. (If you’re smart, you’re working with IT cybersecurity professionals to protect your data on every front.)
Unfortunately, the majority of account takeovers actually come from simple phishing attacks, where someone in an organization gets tricked into releasing private credentials and information.
This finding comes from Google, which released the results of a year-long study on the root causes of account takeovers in Nov. 2017. The study was conducted between March 2016 and March 2017 in conjunction with researchers from the University of California, Berkeley.
The results revealed that phishing is far more dangerous to user confidentiality than data breaches because phishers collect additional information.
Google and the University of California researchers found that people who were tricked into handing over their username, password, and other details to phishers were 400 times more likely to have their accounts hijacked compared to a random Google user. In contrast, those whose credentials were leaked in a third-party breach were only 10 times more likely to have their account taken over.
While data breaches are certainly very destructive, Google’s study discovered that phishing is a much more dangerous threat to users in terms of account hijacking.
The research found 1.9 billion credentials that were exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. Most were being traded on private forums.
Despite these numbers, only 7 percent of credentials exposed in data breaches matched the passwords used by Google's billion Gmail users. In comparison, a quarter of the 3.8 million credentials exposed in phishing attacks matched the current Google password.
Phishing victims were 400 times more likely to have their account compromised than a normal Google user.
Once a user’s account is compromised, their credentials are illegally sold underground. “Enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets,” said Kurt Thomas, a member of Google’s anti-abuse research team, and Angelika Moscicki, from Google account security.
Phishing—The Greater Threat
Phishing kits contain prepackaged, fake login pages that imitate popular websites such as Gmail, Yahoo, Hotmail, and online banking sites. Criminals upload them to vulnerable websites, where they automatically capture a user's credentials and copy them to the criminals' own accounts.
In addition, the researchers discovered that:
Now That You’ve Seen the Danger, What Can You Do to Prevent Phishing Attacks? Follow These 6 Important Steps to Keep Your Network Secure:
Beware of messages that:
Don’t believe messages that:
Be on the lookout for messages that:
Watch for flags like:
If you believe your password may have been breached, you can always change it.
If you haven’t backed up your data, and you’re attacked, it’s gone forever.
Don’t risk your data to the phishers. Cross Link Consulting can keep your data secure. Our Cybersecurity Experts are trained in the latest security tools and services. Contact us if you have any questions or require guidance on this or other IT subjects: Call (803) 279-1100 or send an email to: email@example.com