1, 2, 3, 4, 5, Google caught a phish alive
A recent study by Google has revealed the ways in which email and other accounts are commonly highjacked by cyber criminals. Over a 12-month period, the company analysed log-in and harvested account data found on websites and criminal forums.
The research revealed that more than 78,000 credentials had been stolen via keyloggers, 12 million grabbed via phishing scams, and 1.9 billion from company breaches. Interestingly, the most useful information came from keyloggers and phishing attacks as these included valid passwords in 12-25% of attacks.
What is perhaps most concerning about the findings is the continued use of inadequate passwords. Popular passwords found in the analysed breach data included: 123456, password, 111111 and qwerty.
Despite cyber awareness improving in recent years, it is disappointing to see such poor password choices still prevailing. PGI recommends that passwords should be a minimum of 14 characters long, use non-dictionary words and contain a mix of special characters to add complexity.
We also remind users not to use the same password across multiple accounts as any criminal who gains a password will immediately try accessing other major sites (such as Amazon, Facebook, PayPal, etc) in the hope that the victim has reused the same password elsewhere.
How PGI can help your team avoid phishing scams
PGI offer a Phishing Vulnerability Assessment service. This programme will help your team identify malicious e-mails and gauge their vulnerability to compromised links. Talk to us to find out more: firstname.lastname@example.org or +44 (0) 845 600 4403