Google knows you’re surprisingly easy to phish, it wants to change that


How safe are you online? You’re not the kind of person who’d fall for a phishing scam, right? I mean, you’d have to be pretty stupid to get fooled like that, right? Well, according to Google, we should probably all be a little less cocky when it comes to our online security.

The internet giant has just released the results of a new study which suggests that we’re all actually a lot easier to target online than we think.

According to the study, even though “manual hijacking” events — in which professional attackers spend considerable time exploiting a single victim’s account, often causing financial losses — are pretty rare, they’re still a very real threat.

The most common form of manual hijacking is phishing, which makes use of deceptive messages meant to trick you into handing over your username, password, and other personal info.

For the study, Google says, it analysed several sources of phishing messages and websites, observing both how hijackers operate and what sensitive information they seek out once they gain control of an account.

Here are some of the results which came out of the study:

Simple but dangerous: Most of us think we’re too smart to fall for phishing, but our research found some fake websites worked a whopping 45% of the time. On average, people visiting the fake pages submitted their info 14% of the time, and even the most obviously fake sites still managed to deceive 3% of people. Considering that an attacker can send out millions of messages, these success rates are nothing to sneeze at.

Quick and thorough: Around 20% of hijacked accounts are accessed within 30 minutes of a hacker obtaining the login info. Once they’ve broken into an account they want to exploit, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other account details (like your bank, or social media accounts), and scamming new victims.

Personalised and targeted: Hijackers then send phishing emails from the victim’s account to everyone in his or her address book. Since your friends and family think the email comes from you, these emails can be very effective. People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves.

Learning fast: Hijackers quickly change their tactics to adapt to new security measures. For example, after we started asking people to answer questions (like “which city do you login from most often?”) when logging in from a suspicious location or device, hijackers almost immediately started phishing for the answers.

Google says it has used the results of the study to improve its own security, and it also has a few suggestions to help you improve yours.

Its suggestions include staying vigilant and reporting any suspicious emails that come your way, having a backup email address, and using two-step verification.
