The War against account hijackers

Google has released a new study into the theft and hijacking of account details by criminals: how they get hold of the personal details, how they turn the information into money, and what processes are used to restore control to the owner. The study also offers a set of best practices for individuals to defend themselves from becoming victims of hijacking and discusses what exacerbates the problem.

Google claims to have reduced hijackings by more than 99% over the last few years, and today the main problem seems to be ‘phishing’, where the hijacker sends an email that attempts to look genuine but is a deceptive message meant to trick you into providing certain information to the sender, such as your username, password[s], and other personal information.

Now I know you would never be fooled by such a message nor open an attachment from somebody you don’t know, but the research shows that fake websites actually worked an amazing 45% of the time, and that visitors to the pages gave away their details 14% of the time. Even the most obvious fake sites managed to deceive people 3% of the time.

That should be seen in relation to the number of fake messages a hijacker can send out, which runs into the millions, so the profit achieved by these criminals is astounding.

Some 20% of hijacked accounts are accessed by the criminal within 30 minutes of their getting your log-in details, and often they change the password to lock out the true owner whilst they search for banking details, Facebook or Twitter account details, and contacts to scam as well. That last item, your contacts list, is important, as people on the list are 36 times more likely to be hijacked than the original owner.

Once the software providers come up with countermeasures, the hijackers try to come up with new ways of phishing for information. For the more targeted hijacks, such as state-sponsored attacks, often for political reasons, Google will normally show a warning in the Gmail header, but it is cagey with details so as not to provide any help to hackers.

We do know that most hijacking originates from China, Ivory Coast, Malaysia, Nigeria, and South Africa, and we still see quite a lot from Russia and Eastern European countries. The distinction between phishing using botnets, i.e. automated scams run by robots, and the manual type, where the email is personalised, is that the manual hijackers spend a lot more effort to maximise their profit [damage] from the hacked credentials.

Since these hijackers change their tactics quickly and adapt them to new security measures, it is important that we all stay vigilant and take steps to secure our personal information with solid passwords and a 2-step verification process as an extra layer of security.

Some banks already use your mobile phone number to prove you really are who you say you are, by sending you a code to enter as you go online to carry out a transaction on your bank accounts. So if someone other than you, the person who receives the phone message, is trying to get into your account, they are out of luck.

At SeniorNet we always emphasize the need for solid passwords and good housekeeping of the same; it pays off. So stay safe, and feel free to ask for assistance at one of our Q&A sessions [see: Workshop Programmes] to ensure you can enjoy safe computing.