You’d think we’ve heard too much about phishing scams to get tricked into falling for them; but a new Google study shockingly claims that they have a success rate as high as 45 percent. Phishing is an attempt made by cyber-criminals to obtain the would-be victim’s usernames, passwords or credit/debit card information by pretending to be a trustworthy entity.
Such a scam could come in the form an email asking for bank details or simply masquerade as a website’s online form requesting sensitive data. The latest research conducted by Google along with the University of California, says that even the shadiest-looking scam sites enjoy success rates of almost 3 percent. What’s more, some fake online portals work up to 45 percent of the time.
Google has particularly focused on manual hijacking which has a professional attacker expending a huge amount of time on exploiting a single victim’s account. These may be rare incidents, affecting 9 users out of a million people per day, but their effects are rather harsh since a lot of them result in financial losses. If we’re speaking in terms of averages, visitors to fishy pages submit their information 14 percent of the time.
Also see: Cyber-criminals are using Ebola virus scare as bait to infect PCs, says Symantec
Manual hijacking via phishing wouldn’t be such a big deal if it wasn’t for the fact that millions of scam messages can be sent out by a single trouble maker, notes Google in a recent blog post. The study in question was undertaken with the idea of observing how such cyber-criminals operate and the kind of data they try to acquire once they gain hold of a victim’s account.
Did you know that those in the contact lists of hijacked accounts are 36 times more likely to fall for such scams themselves? This happens because the perpetrators of these attacks often send phishing emails from the victim’s account to everyone in his or her address book. This deceives the receiver into thinking that the message has come from someone they know.
If you think hackers sit around waiting for the opportune moment to strike the would-be victim, think again. Google says that roughly 20 percent of hijacked accounts are accessed within 30 minutes of the concerned log-in information falling into the wrong hands. Once cyber-criminals gain access to an account, they change the password to lock out the actual owner and start looking for pertinent data.
Related post: Hackers leak 5 million Gmail usernames and passwords online
Google highlights some ways to avoid being heckled by phishing scams beginning with going through two-step verification when available to marking fishy mails as spam to ignoring messages requesting sensitive personal information.