A study conducted by Google over a one-year period showed that online accounts are most likely to become compromised as a result of phishing attacks.
Between March 2016 and March 2017, Google researchers identified 12.4 million potential victims of phishing, roughly 788,000 potential victims of keylogger malware, and over 1.9 billion users whose accounts had been exposed due to data breaches.
The fact that third-party data breaches expose significant amounts of information is not surprising. Several companies admitted that hackers had stolen the details of millions of users from their systems and Yahoo alone exposed over one billion accounts in the past years.
However, Google’s analysis showed that only less than 7 percent of the passwords exposed in third-party data breaches were valid due to password reuse. Furthermore, the company’s data suggests that credential leaks are less likely to result in account takeover due to a decrease in password reuse rates.
On the other hand, nearly a quarter of the passwords stolen via phishing attacks were valid, and Google believes phishing victims are 460 times more likely to have their accounts hacked compared to a random user.
As for keyloggers, nearly 12 percent of the compromised passwords were valid, and falling victim to such malware increases the chances of account takeovers 38 times.
Phishing kits and keyloggers are also more likely to lead to account hijacking due to the fact that many of them also collect additional information that may be requested by the service provider to verify the user’s identity, including IP address, location and phone number.
An analysis of the most popular phishing kits revealed that they mainly target Yahoo, Hotmail, Gmail, Workspace Webmail (GoDaddy) and Dropbox users.
In the case of keyloggers, the HawkEye malware appears to be the most successful, with more than 400,000 emails containing stolen credentials being sent to attackers. Cyborg Logger and Predator Pain also made a significant number of victims.
As for the location of the individuals using these phishing kits and keyloggers, Google’s analysis of the IP addresses used to sign in to the email accounts receiving stolen credentials revealed that the top country is Nigeria in both cases.
“Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets,” Google employees wrote in a blog post. “While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defenses in order to stay ahead of these bad actors and keep users safe.”