
Manual phishing attacks are the simplest and most effective hacking technique


A study published by Google demonstrates that manual phishing attacks are the simplest and most effective method for hacking email accounts.

A study recently published by Google demonstrates that so-called manual phishing attacks are the simplest and most effective method for hijacking users’ email accounts.

Manual phishing attacks, as the name suggests, do not use any automated tool to compromise the user’s account, and for this reason they are rare in comparison with other attack techniques.

Experts at Google revealed that only nine attacks per million users per day use the manual phishing technique; considering that Gmail had more than 425 million users in 2012, this means that thousands of individuals fall victim to manual attacks every day.


Manual phishing attacks are considered time-consuming: hacking a single Gmail account requires a considerable amount of time. According to Google, once the attacker gains access to the account, he will spend more than 20 minutes exploiting it for maximum gain. The attacker’s first operation is to lock out the legitimate owner by changing the password; as a second step, he tries to gather as much information as possible from the account, such as social media and other email accounts.

“Around 20% of hijacked accounts are accessed within 30 minutes of a hacker obtaining the login info. Once they’ve broken into an account they want to exploit, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other account details (like your bank, or social media accounts), and scamming new victims,” states Google in a blog post.

Google confirms that phishing is the most effective technique to hijack an email account. The hacked accounts are usually used to send phishing messages to the victim’s contacts in the address book.
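The post-hijack behaviour described above (lockout by password change, searches for other account details, scam messages to the victim's contacts) can be turned into a triage rule over account-activity events. This is an added example, not code from Google's study or from this article; the event names, keyword list and thresholds are assumptions, and the log entries are constructed.

```python
from collections import defaultdict

# Constructed sample events: (session_id, minutes_since_login, event, detail)
EVENTS = [
    ("s1", 0, "login", "new_device"),
    ("s1", 2, "search", "bank statement"),
    ("s1", 5, "password_change", ""),
    ("s1", 9, "search", "facebook password reset"),
    ("s1", 21, "send", "38"),          # detail = number of recipients
    ("s2", 0, "login", "known_device"),
    ("s2", 1, "search", "lunch menu"),
    ("s2", 3, "send", "2"),
    ("s3", 0, "login", "new_device"),
    ("s3", 4, "password_change", ""),  # owner resetting on a new phone
]

# Assumed values: tune against real account telemetry.
SENSITIVE_TERMS = ("bank", "password", "wire", "facebook", "paypal")
BULK_RECIPIENTS = 20

def session_signals(events):
    """Return the set of hijack indicators seen in one session."""
    signals = set()
    for _minute, event, detail in events:
        if event == "login" and detail == "new_device":
            signals.add("new_device_login")
        elif event == "password_change":
            signals.add("password_change")
        elif event == "search" and any(t in detail.lower() for t in SENSITIVE_TERMS):
            signals.add("sensitive_search")
        elif event == "send" and int(detail) >= BULK_RECIPIENTS:
            signals.add("bulk_send_to_contacts")
    return signals

def triage(events, min_signals=3):
    """Flag sessions showing at least min_signals distinct indicators."""
    by_session = defaultdict(list)
    for sid, minute, event, detail in events:
        by_session[sid].append((minute, event, detail))
    flagged = {}
    for sid, evs in by_session.items():
        signals = session_signals(evs)
        if len(signals) >= min_signals:
            flagged[sid] = sorted(signals)
    return flagged

if __name__ == "__main__":
    for sid, signals in triage(EVENTS).items():
        print(sid, signals)
```

Requiring several distinct indicators keeps a lone password change from a new device (session s3) from being flagged.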

“Most of us think we’re too smart to fall for phishing, but our research found some fake websites worked a whopping 45% of the time. On average, people visiting the fake pages submitted their info 14% of the time, and even the most obviously fake sites still managed to deceive 3% of people. Considering that an attacker can send out millions of messages, these success rates are nothing to sneeze at,” states Google.

“People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves.”

Google also tried to profile the hackers who run manual phishing attacks. Although it is very hard to identify them, the company states that they operate mainly from China, Ivory Coast, Malaysia, Nigeria and South Africa.

[Figure: manual phishing attackers by country]

According to the experts at Google, the attackers are professional hackers who approach their work like a full-time job, with regular working days and hours.

The attackers running manual phishing attacks demonstrate the capability to adapt their operations to the countermeasures implemented by Google. When the company started asking users to verify suspicious activity by confirming their city of residence, the attackers promptly began sending phishing e-mails to obtain the correct information from their victims.

Google explained that several security features can be highly effective in preventing manual phishing attacks, including two-factor authentication and the recently launched Security Key, which allows users to authenticate with a USB stick.

The principal problem is that only a limited number of users are aware of cyber threats, and too few individuals adopt these tools to protect their accounts.

Pierluigi Paganini

Security Affairs –  (manual phishing attacks, Google)