According to a recent study, Google researchers identified 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. Using this dataset, they explored to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim’s valid email credentials—and thus complete control of their online identity due to transitive trust.
Google’s analysis showed that less than 7 percent of the passwords exposed in third-party data breaches were valid due to password reuse. Furthermore, the company’s data suggests that credential leaks are less likely to result in account takeover due to a decrease in password reuse rates.
On the other hand, nearly a quarter of the passwords stolen via phishing attacks were valid, and Google believes phishing victims are 460 times more likely to have their accounts hacked compared to a random user. As for keyloggers, nearly 12 percent of the compromised passwords were valid, and falling victim to such malware increases the chances of account takeover 38 times.
“Our findings were clear: enterprising hijackers are constantly searching for, and can find, billions of different platforms’ usernames and passwords on black markets,” Google employees wrote in a blog post. “While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defenses to stay ahead of these bad actors and keep users safe.”
Google thus concluded that many users rely on a single login to access different web services, a habit that does more to increase the damage phishing scams can cause than to simplify the lives of web users.
By now you understand that the bad guys are out to get us, and that they are succeeding by using phishing. By going after your users, they bypass your firewall, endpoint protection, and other technology-based security measures. So, what is there to do? Have you thought of phishing your users to see who the culprits are?
Phish your employees and then work out how to get them through effective Security Awareness Training. Here are a couple of ways to determine the phish-prone percentage of your end-users: