(AA) – Google released a report Thursday that details the habits of “professional” email hijackers who make their living preying on unsuspecting Web users.
The study sheds light on “manual hijacking,” when an attacker spends a fair amount of time cracking into a single person’s account. The number of these types of hackings is miniscule – nine incidents for millions of email users every day – according to Google, but the attacks can be financially devastating for the unlucky victims.
The study follows a Gallup poll published last week finding that far more Americans are concerned about hacking, either of their credit card or personal information, than any other crime – including burglary, mugging and murder.
“Manual hijackers often get into accounts through phishing,” Google’s security team wrote in a blog post Thursday, “sending deceptive messages meant to trick you into handing over your username, password, and other personal info.”
Google found that while many users felt confident in their ability to avoid scams, fake websites built for phishing worked 45 percent of the time. Hackers, of course, can send out millions of emails harboring deceitful links with just a few keystrokes, so that rate is worrisome.
The company found that once hackers obtain login information, most will scour email for more than 20 minutes. The hackers change passwords to keep the real users out as they pour over emails for valuable data, such as banking account details.
They will also seek out fresh victims. “People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves,” wrote Elie Bursztein, Google’s Anti-Abuse Research Lead and author of the blog post.
To prevent hackings, Google notes that users need to stay vigilant and report suspicious emails that request login or personal information. The company also offers a free two-step verification service that is demonstrably harder to hack than simpler login systems.