Although data breaches are bad news for Internet users, Google's study found that phishing poses a far greater threat of account hijacking to users.
To this end, Google also specifically visited several private hacker forums. According to the results, 1.9 billion people worldwide have been affected by data breaches. As with some dating site users, most of their information is traded on private forums.
Despite the sheer volume, only 7% of the credentials exposed in data breaches match passwords currently in use by billions of Gmail users, while a quarter of the credentials exposed in phishing attacks match the current Google password.
The study also found that phishing victims are 400 times more likely to be hijacked than random Google users, compared with 10 times for victims of data breaches. These figures show just how serious the threat from phishing websites is.
Phishing kits, for example, contain pre-packaged, fake log-in pages for popular and valuable sites like Gmail, Yahoo, Hotmail and online banking. They are often uploaded to compromised websites and automatically send the captured credentials to the attacker's account. Phishing kits produce higher account hijacking rates because they capture the details Google uses for risk assessment when users log in, such as the victim's geography, secret questions, phone numbers, device identifiers, and more.
Researchers found that 83% of the 10,000 phishing tools collect the victim's geographic location and 18% collect phone numbers. In contrast, fewer than 0.1% of keyloggers collect phone details and secrets.
The study found that 41% of phishing kits were traced to Nigeria, based on the last sign-in location of the Gmail accounts used to receive the captured credentials. The United States ranked second in the number of phishing tools, accounting for 11%.
Interestingly, researchers found that 72% of phishing tools use Gmail accounts to send the captured credentials to attackers. In contrast, only 6.8% use Yahoo. Gmail users are also the largest group of phishing victims, accounting for 27% of the total in the study, compared with 12% for Yahoo users. However, Yahoo and Hotmail users were the biggest victims of credential leaks, accounting for 19%, followed by Gmail users at 12%.
They also found that most phishing victims were from the United States, while most of the keyloggers were from Brazil. Lastly, researchers point out that two-factor authentication mitigates phishing threats, but many people find it too cumbersome, so they are less likely to use it.