Why a phishing attack is worse than being part of a data breach


Google looked at the root causes behind online account hijacking and found phishing attacks and third-party data breaches can pose serious risks.

What's more dangerous: a data breach or a phishing attack?

Both can let hackers uncover your password information. But according to Google, phishing attacks are far and away the more serious threat when it comes to account hijacking.

The findings were made in a year-long study from Google and researchers at the University of California, Berkeley that looked at the root causes behind account takeovers.

The study analyzed a data set of stolen user account information traded on black markets and taken from hacking tools that can log keystrokes or generate phishing emails.

Picking Apart Real Stolen Data

The sample data itself was massive. It included 1.9 billion stolen usernames and passwords exposed by past data breaches at MySpace, LinkedIn, Dropbox and other third-party online services. There were 12 million stolen credentials taken from phishing attacks, and another 788,000 obtained from key-loggers.

The study then dove into the sample data, looking for actual Google users affected and if any of the stolen password information still worked. Unfortunately, the answer was yes. For victims of the phishing attacks, 25 percent of the passwords were still valid. Only 12 percent of the passwords were valid for the key-logging victims, and 7 percent for victims of data breaches.
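The check described above (matching leaked username/password pairs against live accounts to see which still work) is the same one a defender runs to decide which accounts need a forced reset. The following is an added example, not code from the study or from Google; the account store, the salted PBKDF2 hashes and the leaked pairs are all constructed here for illustration, and the `make_store` and `find_still_valid` names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; assumed value for this example


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of a password, as a password store would hold it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_store(accounts: dict) -> dict:
    """Build a constructed account store: username -> (salt, hash).

    Only the salted hash is kept; the plaintext is never stored.
    """
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash_password(password, salt))
    return store


# Constructed sample accounts; in practice this would be the real account database.
ACCOUNT_STORE = make_store({
    "alice": "correct horse battery",
    "bob": "hunter2",
    "carol": "S3cure!pass",
})

# Constructed sample of leaked (username, password) pairs, as would come from
# a breach dump, a phishing kit log or a keylogger log.
LEAKED_CREDENTIALS = [
    ("alice", "correct horse battery"),  # still valid: reuse across services
    ("bob", "old-password-2015"),        # stale: user has since changed it
    ("dave", "whatever"),                # no such account here
    ("carol", "S3cure!pass"),            # still valid
]


def find_still_valid(store: dict, leaked: list) -> list:
    """Return the usernames whose leaked password still matches the stored hash.

    Each candidate is re-hashed with the account's own salt and compared in
    constant time; accounts that are unknown here are skipped.
    """
    hits = []
    for user, password in leaked:
        entry = store.get(user)
        if entry is None:
            continue
        salt, stored_hash = entry
        if hmac.compare_digest(_hash_password(password, salt), stored_hash):
            hits.append(user)
    return hits


def still_valid_rate(store: dict, leaked: list) -> float:
    """Fraction of leaked pairs that still work, the figure the study reports per source."""
    if not leaked:
        return 0.0
    return len(find_still_valid(store, leaked)) / len(leaked)


if __name__ == "__main__":
    # Accounts in the hit list are the ones to force a password reset on.
    print("accounts needing reset:", find_still_valid(ACCOUNT_STORE, LEAKED_CREDENTIALS))
    print("share of leaked pairs still valid:", still_valid_rate(ACCOUNT_STORE, LEAKED_CREDENTIALS))
```

The comparison is done hash-to-hash with the stored salt, so the leaked plaintext is never written into the account system; the resulting list is the set of accounts to invalidate sessions for and force through a reset.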

That's not a complete surprise. Phishing attacks are specifically designed to trick users into giving up their login credentials and other sensitive information. They usually masquerade as an email from a legitimate service that'll ask for your password. Hackers can deploy them through "phishing kits" that can be found on the digital black market and will automate the attack process.

How Breaches Affect Google Accounts

The sample data comprised 1.9 billion stolen credentials taken from third-party data breaches, none of which originated from any Google hack. But because people like to reuse passwords between different online accounts, the third-party data breaches still affected some Google users.

In scanning the sample data, the company found 51 million Google accounts that had their password information exposed in the breaches because of password reuse. That's a huge number and goes to show why you should use a password manager and two-factor authentication.

The good news is that data breaches tend to only contain username and password information, which is sometimes not enough to break into an account. For instance, Google has protections in place to also analyze where a login takes place and from what device. Any deviations can prompt Google to verify your identity.
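The kind of login-time check just described, where a correct password is not enough on its own and a sign-in from an unfamiliar location or device triggers an identity verification step, can be sketched as follows. This is an added example and not Google's code; the three outcomes (`allow`, `verify`, `deny`), the `AccountHistory` record and the sample history are assumptions constructed for the illustration, and a real system would score many more signals.

```python
from dataclasses import dataclass, field


@dataclass
class LoginAttempt:
    user: str
    country: str        # derived from the client IP by a geolocation lookup
    device_id: str      # browser/device fingerprint or a device cookie
    password_ok: bool   # result of the password check itself


@dataclass
class AccountHistory:
    """Locations and devices this account has previously signed in from."""
    known_countries: set = field(default_factory=set)
    known_devices: set = field(default_factory=set)


def evaluate_login(history: AccountHistory, attempt: LoginAttempt) -> str:
    """Decide what to do with a login attempt.

    'deny'   - wrong password, nothing else matters
    'verify' - password correct but the location or device deviates from the
               account's history, so a step-up check (second factor, recovery
               code, etc.) is required before access is granted
    'allow'  - password correct and the context matches what we have seen before
    """
    if not attempt.password_ok:
        return "deny"
    # A brand-new account has no history to deviate from; its first sign-in
    # establishes the baseline.
    if not history.known_devices and not history.known_countries:
        return "allow"
    new_country = attempt.country not in history.known_countries
    new_device = attempt.device_id not in history.known_devices
    if new_country or new_device:
        return "verify"
    return "allow"


def record_success(history: AccountHistory, attempt: LoginAttempt) -> None:
    """After a login is allowed, or a verify challenge is passed, learn the context."""
    history.known_countries.add(attempt.country)
    history.known_devices.add(attempt.device_id)


if __name__ == "__main__":
    # Constructed history: alice normally signs in from one device in one country.
    alice = AccountHistory(known_countries={"US"}, known_devices={"dev-laptop-1"})
    usual = LoginAttempt("alice", "US", "dev-laptop-1", password_ok=True)
    stolen_pw = LoginAttempt("alice", "BR", "dev-unknown-9", password_ok=True)
    print(evaluate_login(alice, usual))      # allow
    print(evaluate_login(alice, stolen_pw))  # verify: right password, wrong context
```

The point of the example is the middle outcome: a credential obtained from a third-party breach yields a correct password but not the victim's device or location, so the attempt lands in `verify` rather than `allow`. A phishing kit that also captures device and location details is aimed precisely at making the attempt look like the `usual` one.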

Attacks from phishing kits, on the other hand, can be designed to extract more detailed information from their victims, including geolocation data, the login device, and even account recovery questions.

Findings of the study indicate that while credential leaks may expose the largest number of passwords, phishing kits provide more flexibility to adapt to new account protections.