HACKERS can easily access “billions” of people’s usernames and passwords through the black market, Google has warned.
New research by the technology giant and the University of California found that anyone who has an email account is at risk of a triple threat attack.
Researchers identified 788,000 “credentials” stolen using tools that track victims’ keyboard strokes.
A further 12 million were nicked during attacks in which crooks try to trick people into typing their account details, either by sending links to reset their password or by pretending to be a well-known brand like eBay or Amazon, or a bank like Barclays.
This technique is called “phishing” and can be difficult to detect, because the emails may appear in your inbox as convincing-looking receipts for purchases you haven’t made.
Many are still fooled by a particularly convincing Amazon “thank you for your purchase” email which asks you to click on a link to cancel the order.
Of course, the order never existed in the first place.
Last of all, an astonishing 3.3 billion passwords and usernames are out in the wild thanks to a number of data breaches.
But a password is rarely enough to crack your email account.
Sophisticated attackers are also trying to collect sensitive information needed to verify your identity.
How do I spot a fake email or website?
Criminals are good at making their fake emails and websites look realistic. But you can often spot the sham ones because they:
- Write to you as ‘Dear customer’ instead of using your name.
- Ask you to update or confirm your details.
- Have poor design, typos or bad spelling and grammar.
- Have odd-looking email or web addresses.
Google security sleuths Kurt Thomas and Angelika Moscicki wrote in a blog post: “We found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model.”
If you want to check whether you’ve been affected, there are services around to help.
Pop your email address into Haveibeenpwned.com and it will tell you if you show up.
It’s worth bearing in mind that even if you aren’t on this list, you may be on others.
Thomas and Moscicki wrote: “Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.
“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe.”