Phishing scams 45% successful according to Google study

Adam Westlake - Nov 8, 2014

You would think that we’ve been taught and warned enough to recognize the signs of phishing attempts: emails and websites designed to trick us into entering usernames and passwords for things like email, Facebook, and online banking, often made to look authentic but still not appearing quite right. Well, it turns out a number of internet users are still falling victim to such scams. A very large number of users, according to a study from Google and the University of California, San Diego.

According to the results, published on Thursday, the best phishing scams are successful almost half the time, tricking 45% of visitors into entering their information. Researchers said this is much more than they expected, and that even the worst-looking scam sites had success rates of around 3%. Google commented that when millions of phishing emails can come from a single attacker, even the smaller number is dangerous.

Other interesting details came from the study: attackers can identify whether an account has any value in an average of 3 minutes, and often move on from email accounts if they don’t find results for search terms like “bank” and “wire transfer.” In addition, 20% of those who offer up their information during the phishing stage have their accounts hijacked within 30 minutes.

From there, scammers attempt to draw in further victims by using compromised email accounts to message contacts and trick them into making bank transfers. As for where these digital con artists come from, the study discovered that the majority are in countries including China, Nigeria, the Ivory Coast, South Africa, and Malaysia.

Google’s advice for making sure this doesn’t happen to you includes steps we’ve often heard before, but that’s because they work well: using two-step verification when possible, marking as spam and never replying to emails that ask for personal or account information, and promptly changing your password if you suspect someone else has gained access.

SOURCE Google [1], [2]

