Being a phishing victim is 400 times more dangerous than being part of a data breach
Google has published the results of a study evaluating the risks of credential theft on the Internet. Over the course of a year, the researchers compared millions of victims of malware, phishing, and mass data breaches to determine which of these methods poses the greatest risk of an attacker getting hold of your valid credentials.
Using Gmail as its case study, the company found that the risk of someone taking over your account completely depends significantly on how the attacker obtained the credentials in the first place. While being part of a data breach makes you 10 times more likely to have your account stolen, being a victim of a phishing attack makes you 400 times more vulnerable.
While data breaches are an everyday occurrence, and it seems that every week we recommend changing passwords on a service that has been compromised, phishing attacks are much stealthier and more dangerous.
Phishing attacks vary widely, and the ways in which attackers try to trick you into handing over your data are increasingly creative and complex. Gmail itself suffered a massive attack that spread like wildfire through a fake Google Docs email, which many users trusted because it seemed to come from the company and which was used to access our emails.
Nearly two billion user names exposed in data breaches later …
In its study, Google identified 788,000 potential victims of keyloggers, 12.4 million potential victims of phishing kits, and 1.9 billion user names and passwords exposed in data breaches and sold through black-market forums.
The company’s researchers found that only 7% of victims of data breaches had the same Google password as the one exposed, compared with 12% of victims of keyloggers and 25% of victims of phishing scams.
In addition, they found that phishing victims are 400 times more likely to lose their account altogether to an attacker than Google users in general.
This is because phishing kits do not only capture data such as the username or password: in many cases the stolen data also includes phone numbers, geographic location, secret questions, and identifiers of the devices used by the person.
Gmail also has the most victims of phishing, more than Yahoo and Hotmail (Outlook). The latter, in turn, have the most leaked credentials. Security barriers such as two-step verification help protect against these threats, but adoption among users is still low.