Study finds phishing attacks pose greatest threat to Google services users

11 Nov 2017

A Google study has found that phishing attacks pose the "greatest threat" to users of its services.

The company studied how hackers steal people's passwords and break into their accounts.

Over a 12-month period, it found 788,000 login credentials stolen via keyloggers (tools that secretly record every key users press), 12 million stolen via phishing (a method of tricking users into giving up their personal information), and 3.3 billion exposed by third-party data breaches.

The company says 12-25 per cent of phishing and keylogger attacks against Google accounts result in exposing a valid keyword.

But attackers are going further than this and using tools that also attempt to work out targets' phone numbers, IP addresses, device types and locations, in case a password is not enough to successfully hijack an account.

"By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches," said Google.

It added, "What we learned from the research proved to be immediately useful. We applied its insights to our existing protections and secured 67 million Google accounts before they were abused."

For the research, Google teamed up with UC Berkeley. They analysed "several black markets" that traded third-party password breaches and 25,000 blackhat tools used for phishing and keylogging, between March 2016 and March 2017.

Even as it warned about phishing and keylogging attacks, Google also found that 12 per cent of the 3.3 billion leaked records included a Gmail address, and seven per cent of the passwords linked to these were valid, due to the account owners reusing them.

"Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms' usernames and passwords on black markets," said Google.

Google said in a blog that it would use the results of the research to refine the ways it spotted and blocked attempts to take over accounts. It would, in particular, enhance efforts to use historical data about where users logged in and the devices they used to thwart impersonation attacks. The company boasts a range of resources for people affected or looking to protect themselves.

The researchers, however, acknowledged that the "multi-pronged problem" of account hijacking required efforts in many different areas.

Google noted that only 3.1 per cent of people who had an account hijacked subsequently started using improved security measures, such as two-factor authentication, after regaining control of a lost account.