Google has conducted a study that delves deeper into how accounts get hacked, taken over, or hijacked.
In short, the threats online can be summed up to three MOs: keylogging, third-party breaches, and phishing, which has been discovered to be the biggest threat among the three.
To carry out the study, Google partnered up with the University of California, Berkeley, analyzing the online black market from March 2016 to March 2017.
Third-party breaches exposed 3.3 billion credentials, while keyloggers and phishing were responsible for stealing 788,000 and 12 million credentials respectively.
According to the Mountain View company, 12 percent of the exposed data via third-party breaches used Gmail addresses as usernames, and the passwords for 7 percent of those accounts were reused in other services, meaning that they were more vulnerable to hacks and other online attacks.
In Google’s services, it has been becoming less common to access an account using only a password. As such, hackers have developed software to work around the added security measures for authentication purposes.
The study says that 82 percent of blackhat phishing tools and 74 percent of keyloggers would try to collect IP addresses. On the other hand, 18 percent targeted phone numbers and the device’s make and model.
“By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches,” Google says.
This study was demonstrated at the Conference on Computer and Communications Security or CCS, and it has been published on Google’s Research website.
To stay safe online, it’s recommended to turn on two-factor authentication, or in Google’s case, 2-Step Verification. For stronger security, there’s also the company’s Advanced Protection program that consists of three core defenses, including but not limited to Security Keys.
More importantly, though, the main takeaway here is to never use the same password across multiple accounts. Needless to say, that’s because if a hacker manages to successfully steal one credential, then they can use it to access the victim’s accounts on other websites.
To boil things down, Google has been taking numerous steps to keep users safe online, even going so far as to offer a $1,000 bounty to users who find malware or security issues on third-party apps on the Play Store.
The latest study highlights how important it is to always keep your account in check and away from would-be perpetrators by taking advantage of the company’s security programs.
This article will be removed soon! For any further need, you can take notes.