Serious Threat: Google reveals how hackers gets into your Gmail account

Following a year-long study by Google and UC Berkeley, we know that third-party data breaches are the most common source of stolen credentials, but phishing is the riskier vector because of the extra information a phishing kit captures alongside the password.

A Google team found that a Gmail account is more likely to be hijacked when its credentials were stolen by phishing than when they were captured by malicious software such as a keylogger.

"From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data", said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.

Google said the majority of those using phishing kits and keyloggers to compromise credentials are concentrated in Nigeria, followed by the United States, Morocco, South Africa, United Kingdom, and Malaysia.

Google wanted to know how hackers steal passwords and other important data, so it conducted a study that looks more deeply into how accounts get hijacked.

"By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches", Google says.

The study was presented at the Conference on Computer and Communications Security (CCS) in Dallas, Texas and is now available in full from Research at Google.

What we learned from the research proved to be immediately useful.

For some people, Google controls most of their identity online, and losing access to that critical account could be devastating.

The study, conducted by researchers from Google and UC Berkeley, also revealed that hundreds of millions of usernames and passwords are being traded on black markets and could be used to access Google accounts.

According to the Mountain View company, 12 percent of the exposed breach records used a Gmail address as the username, and seven percent of those accounts reused their Gmail password on the breached service. "When we find any, we lock down the affected accounts to prevent any further damage as quickly as possible".

For stronger security there is also the company's Advanced Protection program, which consists of three core defenses, among them physical Security Keys. Google also applies risk-based checks at sign-in: "When there is a sign-in attempt from a device you've never used, or a location you don't commonly access your account from, we'll require additional information before granting access to your account".
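The two mechanisms described above, matching breach dumps against a service's own users to catch password reuse and challenging sign-ins from unfamiliar devices or locations, are shown below as an added example. This is illustrative code written for this article, not Google's own implementation. It assumes a colon-separated `email:password` dump format, a stable per-client `device_id` fingerprint, a country code resolved from the source IP, and PBKDF2 for password storage; the accounts, dump lines and sign-in attempts are all constructed for the example.

```python
"""Added example: breach-reuse detection plus a risk-based sign-in decision.

Not Google's code.  Dump format, device fingerprint, geolocation and the
hashing parameters are assumptions made for the example.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class AccountHistory:
    password_hash: bytes                 # salted PBKDF2 hash of the current password
    salt: bytes
    known_devices: set[str] = field(default_factory=set)    # assumed client fingerprints
    known_countries: set[str] = field(default_factory=set)  # assumed geo-IP countries


@dataclass
class SigninAttempt:
    account: str
    device_id: str
    country: str
    password: str


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; production code would normally
    # use Argon2 or scrypt with tuned parameters.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str, devices: set[str], countries: set[str]) -> AccountHistory:
    salt = os.urandom(16)
    return AccountHistory(hash_password(password, salt), salt, set(devices), set(countries))


def parse_dump(text: str):
    """Yield (username, plaintext_password) pairs from an assumed email:password dump."""
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, _, pw = line.partition(":")
        yield user.lower(), pw


def flag_reused_credentials(dump_text: str, accounts: dict[str, AccountHistory],
                            domain: str = "gmail.com") -> set[str]:
    """Return usernames whose dumped password matches their current password.

    Only the dump's plaintext is hashed (with the account's own salt); the
    stored hash is never reversed, so this works against a normal password DB.
    """
    flagged: set[str] = set()
    for user, pw in parse_dump(dump_text):
        if not user.endswith("@" + domain):
            continue
        hist = accounts.get(user)
        if hist is None:
            continue
        if hmac.compare_digest(hash_password(pw, hist.salt), hist.password_hash):
            flagged.add(user)
    return flagged


def evaluate_signin(attempt: SigninAttempt, history: AccountHistory,
                    breached_accounts: set[str]) -> tuple[str, list[str]]:
    """Decide allow / step_up / lock_and_reset / deny for one sign-in attempt."""
    if not hmac.compare_digest(hash_password(attempt.password, history.salt),
                               history.password_hash):
        return "deny", ["wrong password"]
    # A correct password that is also sitting in a breach dump is treated as
    # compromised: lock the account and force a reset rather than let it in.
    if attempt.account in breached_accounts:
        return "lock_and_reset", ["current password appears in a third-party breach"]
    reasons = []
    if attempt.device_id not in history.known_devices:
        reasons.append("unknown device")
    if attempt.country not in history.known_countries:
        reasons.append("unfamiliar location")
    if reasons:
        return "step_up", reasons            # require additional verification
    return "allow", []


# --- constructed sample data -------------------------------------------------
BREACH_DUMP = """\
alice@gmail.com:hunter2
bob@example.org:letmein
carol@gmail.com:Tr0ub4dor&3
dave@gmail.com:correcthorse
"""

ACCOUNTS = {
    "alice@gmail.com": make_account("hunter2", {"dev-a1"}, {"US"}),          # reused password
    "carol@gmail.com": make_account("N0t-in-any-dump!", {"dev-c1"}, {"GB"}),  # unique password
}

FLAGGED = flag_reused_credentials(BREACH_DUMP, ACCOUNTS)

if __name__ == "__main__":
    print("accounts with reused passwords:", sorted(FLAGGED))
    for a in (
        SigninAttempt("carol@gmail.com", "dev-c1", "GB", "N0t-in-any-dump!"),
        SigninAttempt("carol@gmail.com", "dev-x9", "NG", "N0t-in-any-dump!"),
        SigninAttempt("alice@gmail.com", "dev-a1", "US", "hunter2"),
    ):
        print(a.account, a.device_id, a.country, "->", evaluate_signin(a, ACCOUNTS[a.account], FLAGGED))
```

Two design points matter here. The reuse check hashes the dump's plaintext with each user's salt and compares against the stored hash, so it can run as an offline batch job over a breach corpus without ever storing or recovering user passwords. And in the sign-in path, a compromised-but-correct password is handled before the device and location checks: an attacker who has the leaked password should be locked out and the owner forced to reset, not merely asked for a second factor.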

The study also notes that while two-factor authentication would help mitigate the problems associated with phishing, there are serious hurdles to wide adoption, including ease of use, recovery from loss, and getting consumers to trust third parties.

Finally, Google highlighted that it regularly scans its suite of products for suspicious actions performed by hijackers. "We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state".
