Skip to main content

Phishing emails still surprisingly effective, reports Google

phishing emails still surprisingly effective reports google email hacks
Image used with permission by copyright holder
Phishing emails — spam messages that purport to come from a legitimate source but which actually lead to a fake website — are still a surprisingly effective method of hacking into online accounts, according to the latest security report from Google. Some phishing emails can achieve a hit rate of 45 percent, says Google, while even the worst and most obvious scams can attract clicks from 3 percent of users.

Once users have clicked through on the misleading link, on average 14 percent of them actually go on to enter sensitive details such as account login credentials or bank card information, according to the study. The hackers then work quickly to access the newly compromised accounts, with 1 in 5 exploited within the space of half an hour. If you unwittingly give up the keys to your digital home then you might find yourself locked out very quickly.

Recommended Videos

“For this study, we analyzed several sources of phishing messages and websites, observing both how hijackers operate and what sensitive information they seek out once they gain control of an account,” explains Google’s Elie Bursztein in a blog post. “Even though [these types of hacks are] rare — 9 incidents per million users per day — they’re often severe, and studying this type of hijacker has helped us improve our defenses against all types of hijacking.”

So what can you do to protect yourself, other than being wary of every email that turns up in your inbox? Google recommends reporting suspicious-looking messages and visiting websites directly to login, rather than clicking through a link in your email program. If you’re using Gmail, make sure you’ve set up backup information (like a phone number) that you can use to restore your account if it gets compromised, and switch on two-step verification to make it harder for unwelcome visitors to gain access to your account. Google says it has managed to block 99 percent of hijackings in the last few years.

[Image courtesy of mtkang / Shutterstock.com]

Topics
David Nield
Former Digital Trends Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
Chrome has a security problem — here’s how Google is fixing it
Google Chrome icon in mac dock.

Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

Read more
Google is creating ‘internet surveillance DRM,’ critics say
Google Drive in Chrome on a MacBook.

Google is working on a system to fight fraud and make the internet “more private and safe,” but it’s just come in for some blistering criticism from software engineers behind the Vivaldi web browser. According to them, it’s a “dangerous” idea that could lead to greater surveillance of ordinary people.

The subject of this kerfuffle is Google’s Web Environment Integrity project, or WEI. Its purpose, Google says, is to stymy bad actors by providing a piece of code on a website that can be checked with a trusted attestor (such as Google) to ensure the visitor is who they say they are. That could prevent cheating in games, for example, or ensure that ads are being properly served to readers.

Read more
Why is Google cutting web access for some of its workers?
Google Logo

Google is preventing some of its staff from using the internet at work, according to sources in contact with CNBC.

Having revolutionized the web with its powerful search engine before making vast sums of money off online ads, the idea of a company like Google preventing some of its own workers from accessing the internet may at first seem somewhat odd, but there is of course sound reasoning behind it.

Read more