Google Study Finds Phishing a Bigger Threat for Users Than Third-Party Data Breaches

Google Study Finds Phishing a Bigger Threat for Users Than Third-Party Data Breaches

Phishing attacks via fake emails pose the greatest threat to people, followed by keyloggers and third-party breaches as account hacking increases globally, a new Google study has revealed.

Keystroke logging is a type of surveillance software that once installed on a system, has the capability to record every keystroke made on that system. The recording is saved in an encrypted log file.

According to Google, enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.

A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging.

“In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches,” Google said in a blog post late on Friday.

Account takeover, or ‘hijacking’, is a common problem for users across the web. More than 15 per cent of Internet users have reported experiencing the takeover of an email or social networking account.

“From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data,” said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.

The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.

“While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12 percent of the exposed records included a Gmail address serving as a username and a password,” the blog post read.

Of those passwords, 7 percent were valid due to reuse. When it comes to phishing and keyloggers, attackers frequently target Google accounts to varying success: 12-25 percent of attacks yield a valid password.

However, because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity.

“We found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model,” Google noted.

“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe,” it added.

There are some simple steps people can take that make these defences even stronger.

“Visit Google’s Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock,” Google cautioned.


Flipkart to offer its logistics services to third-party e-commerce firms

Flipkart is also gearing up to roll out an inter-city customer-to-customer courier service called eFlash in the next two months. Photo: Bloomberg

Flipkart is also gearing up to roll out an inter-city customer-to-customer courier service called eFlash in the next two months. Photo: Bloomberg

Bengaluru/New Delhi: Flipkart Ltd, the country’s largest online retailer, has thrown open its logistics services eKart to third-party e-commerce firms even as the company is gearing up to roll out an inter-city customer-to-customer courier service called eFlash in the next two months, said three people aware of the development.

The e-commerce logistics service has already found takers such as online fashion store Jabong and online marketplace Shopclues (Clues Network Pvt. Ltd); technical integration with Jabong is underway, while Shopclues will come on board in the next two weeks. eFlash is still in beta stage, currently available only to Flipkart employees in Bangalore, the people cited above said.

Myntra, which was acquired by Flipkart for $330 million in May 2014, has already been using eKart’s logistics services since September last year. The company expects other e-commerce firms to adopt the services in a big way starting February.

Flipkart did not respond to an email seeking comments, at the time of filing the report.

The Economic Times reported on Monday that Flipkart is planning to build eKart as an independent business and separately raise capital for the logistics unit.

eKart’s logistics service for third-party etailers will be pitched against well-funded e-commerce-focused logistics firms such as Delhivery (SSN Logistics Pvt. Ltd), Ecom Express Pvt. Ltd and Dotzot, the e-commerce focused arm of DTDC Express Ltd, among others. Other traditional logistics companies such as Gati Ltd, Blue Dart Express Ltd, Safexpress Pvt. Ltd and Drive India Enterprise Solutions Ltd are all adding e-commerce verticals to their existing lines of businesses, given the exponential growth of e-commerce in India.

Online retail sales could touch between $48 billion and $60 billion by 2020 from $4.47 billion in 2014, according to a report by financial services firm UBS Group AG in April last year.

While Flipkart plans to aggressively scale up e-commerce logistics services, the company will be a little cautious on eFlash, as it is yet an unproven territory, said one of the three people cited above. The segment has seen the emergence of a number of courier aggregators—at least 15 of them—in the past 12 months, such as Pickrr, Shipsy, Parcelled, DaakNinja, ShipTickr and Pigen.

However, none of the businesses have yet seen much traction in courier aggregation and make most of their revenue from first-mile logistics for small and medium enterprises (SMEs), transporting goods from the merchant to a customer or the warehouses of e-commerce companies. Some of them also handle reverse pick-up for e-commerce companies.

“We have been working on these two services for at least six months. After the integration with Myntra, we came up with a professional rate card for third-party companies. We will also expand the infrastructure to meet the demand,” said one of the two persons cited above, on condition of anonymity.

According to industry experts, a full-fledged roll-out of the service to other e-commerce companies will require Flipkart to ramp up its infrastructure substantially as most of the e-commerce companies struggle to fulfil orders on time, especially beyond the tier I cities, during special sale events when volumes spike significantly.

Questions may arise over eKart’s ability to service other companies at a time when Flipkart’s volumes also surge sharply.

“At some point, when a business scales up, they try to extract value from their core capabilities. At the operating level, such a move adds value because it will bring more business, but existing infrastructure needs to be ramped up,” said Harish H.V., partner at Grant Thornton, a consulting firm.

Logistics and supply chain has become a key focus for all e-commerce companies as sound infrastructure helps in reducing delivery cost and ensure faster delivery, which in turn helps e-commerce firms win over customers.

But even Flipkart’s rivals Amazon (Amazon Seller Services Pvt. Ltd) and Snapdeal (Jasper Infotech Pvt. Ltd) are not sitting idle.

The logistics footprint of Amazon India grew three times to more than 2,100 cities and towns in 2015 and the company added eight warehouses last year, increasing its count to 21. It has the maximum number of warehouses and largest storage space among e-commerce firms in India, ahead of Flipkart, which has 17.

Snapdeal has bought a large stake in specialty logistics firm GoJavas to improve its speed of order deliveries.

The e-commerce company has infused about Rs.237 crore in GoJavas for a 42% stake, Mint reported on 2 October 2015.

Flipkart bought back its logistics business from WS Retail Services Pvt. Ltd through a new entity called Instakart Services Pvt. Ltd, which has Flipkart’s chief business officer Ankit Nagori and finance controller Rajnish Singh Baweja as directors, Mint reported on 22 September.

Earlier this month, Flipkart announced that Binny Bansal will take over as chief executive from Sachin Bansal, who will now become executive chairman. The company is looking for a new chief executive officer (CEO) for eKart, which was until recently headed by Binny Bansal. Until a new CEO comes on board, Binny Bansal will continue to head the logistics business as interim CEO, Mint reported on 12 January.