Our digital identity is more important than ever. The data that can be traced back to us can include social media contacts, messages, our work details, bank accounts and purchase patterns.
So, it’s no surprise when a recent poll in the US found that citizens were more concerned about online accounts being hijacked than their houses being robbed — if you have insurance, goods can be replaced. If you lose an online account, you’re at risk not only of losing the account forever — but the heartbreak of identity theft.
One of the most common methods to take control of an account is mass hijacking. In this case, an automated process uses compromised systems to send out countless spam messages, malware, and phishing campaigns to add more hijacked accounts to the roster. In other cases, state-sponsored attacks target political institutions, universities, governments and corporations to access accounts and steal sensitive data or act as a gateway to spy on networks.
However, there is another category — dubbed by Google “manual hijacking.” What makes them different? These attacks are personal, time-consuming, and a cybercriminal is dedicated to infiltrating an individual’s accounts — often with the aim of plundering a person’s bank account.
The tech giant says these account hijacks are rare — with only nine incidents per mission users per day — but they can be devastating to the victim.
In a new study, Google decided to explore this tactic further, looking at the sources of phishing emails, websites, and how these cybercriminals operate.
In these cases, we’re not talking about remote, impersonal servers, brute-force attacks or phishing campaigns sent to thousands. Instead, imagine individuals working business hours, rifling through your accounts and tempting you to hand over your credentials for seemingly legitimate purposes.
A phishing email, crafted for you, can be far more believable than a supposedly long-lost uncle in Africa or a congratulatory note telling you you’ve won the Spanish lottery. Password guesses and malware installation were also popular methods used to access an account, according to the firm’s researchers.
Read the Full Article: Source – c|net