Google is releasing a study titled ‘Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild’ where it addresses ‘Manual Hijacking’ where hackers spend a lot of time breaking into user accounts and committing financial crimes.
The most common way through which manual hijackers crack into user accounts is via phishing – a fraudulent mailing activity wherein deceptive mails are sent to millions of users with an attempt to steal their username, password and other personal information. Some key findings of the study:
The extent of Hacking: With certain fake websites remaining active for 45% of their time, people submitting their info to such pages 14% of the time and even the most obvious fake pages managing to deceive 3% of the people, even the most tech-savvy have their guard up.
What Hackers do: Hackers operate very swiftly – as many as 20% of phished accounts are accessed within in less than half an hour. They spend as many as 20 minutes inside hacked accounts stealing financial and contact details.
Causing further damage: Hackers used details from compromised accounts to further spam their contact list. Since you contacts feel they are receiving mails from you, they are 36 times more likely to fall prey to this fraud.
Hackers’ counter act: Email service providers are constantly updating their security measures, but hackers are countering them at the same speed.
Gmail does its part in trying to keep such scammers at bay, but even then, every now and then you still manage to get a mail from a Nigerian prince, huge brands or a dying bank employee desperate to share immense wealth with you. Moreover, hackers have now taken up to cell phone call, texts, WhatsApp messages, and even social networks such as LinkedIn and Twitter.
While most of these mediums are doing all in their capacity to ensure users aren’t taken for a ride, more visible awareness campaigns against phishing are the need of the moment. Banks have been sending out mailers, text messages and statutory warning through their IVR menus urging customers to refrain from sharing their account details online or over the phone. Top companies have statutory notices in their ‘Careers Section’ that they do not ask for any processing fees during application process and that such mails should not be responded to. And with all these security measures in place, hackers must surely be in the search of newer ways to counter them – a very recent example being hackers breaking into bank accounts through ATMs and escaping with loads of cash.
All statistics mentioned above are with respect to the American study, thus making it difficult to superimpose the same with respect to India, where Internet penetration is far less than America. However, lesser penetration also means lesser awareness regarding such issues, which makes those new to the Internet a very naive target.