The tech giant has revealed that when hackers target the accounts of Google users, they are getting much closer than it was initially thought. In a recent statement, Google has revealed how manual account hijacks work and how people can prevent it from happening.
Up until now, the public knew and feared just one type account hijack, the automated spam bot account hijack, where an automated bot would send out messages that the user would then click, only to send out more spam messages by clicking on the faulty link.
Yesterday, Google has revealed some insight about manual account hijacks for the first time ever. It appears that, as the name would imply, the attack is much more personal. Manual hijackers are professional hackers who sift through thousands of accounts, one by one, in order to determine how much they would be worth if hacked and to see how to better exploit them.
With millions of people using their Gmail every day, it may seem a bit strange, but only around nine attacks are reported every day to Google. These rare cases are almost always manual account hijacks where hackers obtain the user’s bank account records through phishing.
Google’s report revealed that 20% of the hacked accounts are hacked into within 30 minutes of the attacker receiving the vital login information. Matt Kallman, a Google representative, stated:
They spend three minutes going though your account to determine if it’s valuable, and if they determine it’s valuable they spend up to 20 minutes and spam your contacts. They’ll say you’ve been mugged or that you need money wired.
Google also released one such fake email that the hackers would send through your email account to your contacts.
We were mugged last night in an alley by a gang of thugs on our way back from shopping, one of them had a knife poking my neck for almost two minutes and everything we had on us including my cell phone, credit cards were all stolen, quite honestly it was beyond a dreadful experience.”
Manual hijackers will often change tactics, in order to adapt to the changing security from Google. The company recommends providing a backup phone number and a secondary email address to increase security of your Google mail account.
Most hackers are operating their manual account hijacks from Nigeria, South Africa, Ivory Coast, China, Malaysia and Mountain View, California.