Phishing emails — spam messages that purport to come from a legitimate source but actually lead to a fake website — are still a surprisingly effective method of hacking into online accounts, according to the latest security report from Google. Some phishing emails can achieve a hit rate of 45 percent, says Google, while even the worst and most obvious scams can attract clicks from 3 percent of users.
Once users have clicked through on the misleading link, on average 14 percent of them actually go on to enter sensitive details such as account login credentials or bank card information, according to the study. The hackers then work quickly to access the newly compromised accounts, with 1 in 5 exploited within the space of half an hour. If you unwittingly give up the keys to your digital home then you might find yourself locked out very quickly.
“For this study, we analyzed several sources of phishing messages and websites, observing both how hijackers operate and what sensitive information they seek out once they gain control of an account,” explains Google’s Elie Bursztein in a blog post. “Even though [these types of hacks are] rare — 9 incidents per million users per day — they’re often severe, and studying this type of hijacker has helped us improve our defenses against all types of hijacking.”
So what can you do to protect yourself, other than being wary of every email that turns up in your inbox? Google recommends reporting suspicious-looking messages and visiting websites directly to log in, rather than clicking through a link in your email program. If you’re using Gmail, make sure you’ve set up backup information (like a phone number) that you can use to restore your account if it gets compromised, and switch on two-step verification to make it harder for unwelcome visitors to gain access to your account. Google says it has managed to block 99 percent of hijackings in the last few years.