A new Google study has revealed that attempts to obtain sensitive information, such as bank account details, ID and password by using fake emails, followed by key-loggers and third-party breaches, have increased globally and became a major threat to humankind.
Keystroke logging, which is commonly known as key-logging or keyboard capturing is an action which has an ability to capture every keystroke made on that system.
Google said that hackers are searching and have found different usernames and passwords on different platforms on the black market.
A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging.
“In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches,” said Google on 10 November.
Now these days, hijacking someone’s account has become an easy job for the hackers. More than 15 percent of daily internet users have reported that they have faced the same problem with their email or social media account.
“From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data,” said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.
The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.
“While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12 percent of the exposed records included a Gmail address serving as a username and a password,” Google said in a blog post.
Even though the company is taking actions against anonymous breaches by securing users password, the hackers are now trying to collect more sensitive details about someone’s account, which are usually asked during the sign-up.
“We found 82 percent of black hat phishing tools and 74 percent of key-loggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model,” Google further added.
“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe,” they said.
However, Google advised users to follow few simple steps to avoid such online hacks and said that it will help to make the account more secure.
“Visit Google’s Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock,” they concluded.