For their study, Google experts joined forces with a team from the University of California Berkeley. The two teams planned to learn how Gmail users manage to end up with a compromised account.
The Google team published their findings, which they deemed “immediately useful,” in a blog post. The research revealed that hackers usually employ two tools to take over Gmail accounts: malicious software and phishing techniques.
Around 788,000 account details were stolen with help from keyloggers in a year, while phishing methods accounted for 12 million exposed credentials. In total, around 3.3 billion accounts were compromised through third-party data breaches, researchers found.
Experts claim that hackers are constantly fine-tuning their blackhat tools to make them more effective. For instance, many hackers are now using IP addresses, phone numbers, geolocation, and even device model information to break into the accounts.
Users Usually at Fault
Google researchers said they sifted through the data available on the black market and as many as 25,000 hacking tools in their research. All computer models revealed that the issue when it comes to a compromised account mainly lies with the user.
The user is usually at fault, researchers noted, because account owners use either weak passwords or ignore warnings about a cyber attack and continue to use their old passwords. Since human errors are difficult to prevent, experts believe existing protections should be upgraded in order to keep users safe and stay ahead of hackers.
The latest findings echo a report about a phishing scam affecting Google Docs users earlier this year. In May, users reported receiving fake Google Docs invite emails from their friends, which redirected them to a genuine Google website but also allowed hackers take over their accounts via malicious software. At the time, users were recommended that they contact their friends to ensure that it was them who had sent them the invite, not hackers.
Image Source: Pixabay