Phishing emails still surprisingly effective, reports Google

Phishing emails — spam messages that purport to come from a legitimate source but which actually lead to a fake website — are still a surprisingly effective method of hacking into online accounts, according to the latest security report from Google. Some phishing emails can achieve a hit rate of 45 percent, says Google, while even the worst and most obvious scams can attract clicks from 3 percent of users.

Once users have clicked through on the misleading link, on average 14 percent of them actually go on to enter sensitive details such as account login credentials or bank card information, according to the study. The hackers then work quickly to access the newly compromised accounts, with 1 in 5 exploited within the space of half an hour. If you unwittingly give up the keys to your digital home then you might find yourself locked out very quickly.

“For this study, we analyzed several sources of phishing messages and websites, observing both how hijackers operate and what sensitive information they seek out once they gain control of an account,” explains Google’s Elie Bursztein in a blog post. “Even though [these types of hacks are] rare — 9 incidents per million users per day — they’re often severe, and studying this type of hijacker has helped us improve our defenses against all types of hijacking.”

So what can you do to protect yourself, other than being wary of every email that turns up in your inbox? Google recommends reporting suspicious-looking messages and visiting websites directly to log in, rather than clicking through a link in your email program. If you’re using Gmail, make sure you’ve set up backup information (like a phone number) that you can use to restore your account if it gets compromised, and switch on two-step verification to make it harder for unwelcome visitors to gain access to your account. Google says it has managed to block 99 percent of hijackings in the last few years.


David Nield