Google says phishing attacks are the biggest risk to web users

Posted Nov 10, 2017 by James Walker
A Google study has found phishing attacks crafted by scammers are a far bigger threat than keyloggers and reusing passwords. Thieves obtain over 250,000 valid sets of credentials for Gmail accounts each week, illustrating the scale of the problem.
Google teamed up with the University of California, Berkeley and the International Computer Science Institute to find the most common way in which user accounts get hijacked. The study looked at a variety of hacking techniques to determine the biggest threat to web users. The results may come as a surprise.
During the 12-month research period, the researchers observed over 12 million instances of account theft caused by a phishing attack. Just 788,000 sets of credentials were stolen by keylogging software. Phishing campaigns and keyloggers had a similar success rate, with between 12% and 25% of credential pairs containing a valid password.
The data reveals that a crafted phishing campaign can be as successful as dedicated software designed to actively steal passwords. Given the increased complexity of creating, deploying and managing keyloggers, cybercriminals appear to be opting for far simpler techniques that revolve around social engineering.
Google said this should be taken as a sign that more needs to be done to educate web users. The company committed to improving its own login defences, noting that proactive security systems that can detect account irregularities can significantly lessen the threat. Giving services the ability to spot unusual logins based on location and user behaviour patterns could make it harder for attackers to use stolen credentials.
"We are now using these insights to improve our login defenses for all users," Google said in the study. "Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution."
The researchers collected their data by monitoring dark web credential trading markets. They visited several public sites as well as private hacking forums. Along the way, they found legitimate credential sets taken in historical breaches of companies including Adobe, LinkedIn and MySpace.
Although not the subject of a major data leak, Google itself is frequently targeted by hackers. The company found that more Gmail users are impacted by phishing campaigns and keyloggers than any other email provider. 29.8% of keylogging victims used a "" Gmail address, followed by 11.5% for Yahoo and 9.4% for Microsoft's legacy ""