Serious Threat: Google reveals how hackers gets into your Gmail account

Serious Threat: Google reveals how hackers gets into your Gmail account

Following a year-long study by Google and UC Berkeley, we know that data breaches are the most popular method of stealing users' credentials, but phishing scams are more risky because of the extra information that's exposed.

A Google team found that Gmail accounts are more likely to be hijacked if hackers are using phishing methods than using malicious software such as keyloggers.

"From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data", said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.

Google said the majority of those using phishing kits and keyloggers to compromise credentials are concentrated in Nigeria, followed by the United States, Morocco, South Africa, United Kingdom, and Malaysia.

Google wanted to know how hackers steal passwords and other important data and it has conducted a study that explores deeper into how accounts get hijacked.

"By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches", Google says.

The study was presented at the Conference on Computer and Communications Security (CCS) in Dallas, Texas and is now available in full from Research at Google.

What we learned from the research proved to be immediately useful.

For some people, Google controls most of their identity online, and losing access to that critical account could be devastating.

The study, which was conducted by researchers from Google and UC Berkeley, also revealed that hundreds of millions of usernames and passwords are now being traded on black markets that can be used to access Google accounts.

According to the Mountain View Company, a total of 12 percent of the exposed records used Gmail addresses as a username and seven percent of those accounts reused the Gmail password for other services. "When we find any, we lock down the affected accounts to prevent any further damage as quickly as possible". For stronger security, there's also the company's Advanced Protection program that consists of three core defenses, including but not limited to Security Keys. When there is a sign-in attempt from a device you've never used, or a location you don't commonly access your account from, we'll require additional information before granting access to your account.

The study also makes note that while two-factor authentication would help mitigate problems associated with phishing, there are serious hurdles to wide-adoption, including ease of use, recovery from loss, and getting consumers to trust third-parties.

Finally, Google highlighted that they scan their suite of products for suspicious actions performed by hijackers on a regular basis. "We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state".

Related Articles

  • OnePlus Security Troubles Mount As Root Access Backdoor Discovered In Preinstalled App

    OnePlus Security Troubles Mount As Root Access Backdoor Discovered In Preinstalled App

    The user can access manual tests like root status test, Global Positioning System test or the main activity by sending a command. Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.

    EgyptAir, Bombardier sign letter of intent for CSeries jets

    The value of the agreement would increase to almost $2.2 billion if options to acquire a further 12 CS300s are exercised, the statement said.

    Android 8.1 Appears Set to Reduce Inactive App Size, Saving Device Storage

    According to the code first spotted by XDA-Developers, Android 8.1 will make apps inactive that haven't been used in a while. This chart is an indication of what version of Android is running on how many devices in the market in terms of percentage.
  • US FDA approves first drug with digital ingestion tracking system

    Mitchell Mathis, director of the division of Psychiatry Products in the FDA's Center for Drug Evaluation and Research. The sensor in Abilify MyCite is ingestible and can also record when the patients had taken the pill.
    Bank of England reveals last day to use old £10 notes

    Bank of England reveals last day to use old £10 notes

    The Bank of England says they are also an improvement on the previous version in terms of security and durability. The new notes are the first to have a tactile feature that helps blind and partially sighted people.

    Parents warned of 'worrying' security risks in Christmas 'smart' toys

    The I-Que Intelligent Robot, has previously featured on Hamleys top toys Christmas list and is available from Argos and Hamleys. It was found that hackers could send their own voice messages to the toy, and receive the replies from the child.
  • REAL MADRID - Ronaldo wants Blancos exit

    REAL MADRID - Ronaldo wants Blancos exit

    Following Los Blancos' 3-1 reverse against Tottenham in the Champions League, he revealed he was not looking to sign a new deal. Ronaldo only managed one goal in seven La Liga outings this season, which is enough to suggest he may be past his prime.
    Vidya Balan shuts up journo who asks if she'll lose weight

    Vidya Balan shuts up journo who asks if she'll lose weight

    However, it's really hard to change people's perspective who think a well toned up body of a woman can only be called glamorous. The trailer of the film is receiving good reviews on YouTube with people appreciating Vidya Balan's "bindaas" avatar.
    China has record number of supercomputers in TOP500

    China has record number of supercomputers in TOP500

    By this measure, Fujitsu's K Computer at the RIKEN Advanced Institute for Computational Science in Japan is the top performer. The list, produced twice a year, rates supercomputers based on speed in a benchmark test by experts from Germany and the US.
  • Overwatch Getting 4K Support for Xbox One X

    Overwatch Getting 4K Support for Xbox One X

    It starts at 7pm United Kingdom time on Friday and ends at 7.59am United Kingdom time on the morning of November 21. Moira is a support hero and she is able help her allies with abilities that can both heal and cause damage.
    Motorola Moto Tab with 10.1-inch FHD display, Android Nougat announced

    Motorola Moto Tab with 10.1-inch FHD display, Android Nougat announced

    If the specs, not to mention the straightforward name, reminds you of Lenovo's own tablets, you wouldn't be too far from the mark. Now we have come to know that the tablet is dubbed as Lenovo Moto Tab , and will be launched in the United States on November 17.
    Commissioner says Conor McGregor off UFC 219 card after 3 Arena incident

    Commissioner says Conor McGregor off UFC 219 card after 3 Arena incident

    Although a fight has yet to be officially confirmed, De La Hoya has said he is willing to take on the Irishman in the ring. Oscar De La Hoya is looking to fight Conor McGregor if he makes a comeback to boxing.