Manual account hijacking is rare but damaging, says Google.

A Google study, as reported by SecurityWeek.

The study shows that the number of manual account hijacking cases is small, but such incidents can be distressing to users and can result in significant financial loss.

While the large majority of account hijackings rely on botnets and are automated, there are cases where attackers spend a lot of time profiling victims and maximising their profit without using automation, according to the study conducted by researchers at Google and the University of California, San Diego.

By analyzing manual hijacking cases that occurred at Google between 2011 and 2014, researchers determined that there are only 9 incidents per million Google users per day. Incidents in which the attackers knew the victims or had physical access to their devices were excluded from the study.

Account hijacking starts with the attacker obtaining the victim’s credentials. This can be done through phishing, installing malware on the target’s computer, or by guessing the password that protects the account. However, researchers say phishing attacks are preferred by many cybercriminals since they are cheaper and easier to pull off.

While many people believe phishing is not a very effective technique because fake websites are easy to identify, Google says rogue sites actually work 45% of the time. Even the most obvious fakes deceive 3% of users, the search engine company has found.

Once access to an account is obtained, the attacker profiles it to decide whether or not it is worth exploiting. According to the study, hijackers spend three minutes on average making that decision.

The actual exploitation phase consists of collecting sensitive information that can be monetized (e.g. financial information), tricking the victim’s contacts into transferring money to the attacker, or holding the account for ransom.

According to Google, roughly 20% of the hijacked accounts are accessed within 30 minutes after the attacker obtains the login credentials.

“Once they’ve broken into an account they want to exploit, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other account details (like your bank, or social media accounts), and scamming new victims,” Elie Bursztein, Anti-Abuse Research Lead at Google, said in a blog post.
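The behaviour described above (an unfamiliar login followed within the attacker's roughly 20-minute dwell time by a password change or a change to the recovery options) is something an account provider can look for in its own activity logs. The following detector is an added illustration written for this post; it is not code from the Google study, and the log format, the country codes and the account names are all constructed. The 20-minute window is taken from the dwell time quoted above; everything else is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample activity log (not real data).
# Each row: (ISO timestamp, account, event type, country of the client IP).
EVENTS = [
    ("2014-11-13T08:00:00", "alice", "login", "GB"),
    ("2014-11-13T12:05:00", "alice", "login", "GB"),
    ("2014-11-13T14:00:00", "alice", "login", "NG"),                  # country never used before
    ("2014-11-13T14:04:00", "alice", "password_change", "NG"),        # owner being locked out
    ("2014-11-13T14:09:00", "alice", "recovery_email_change", "NG"),  # recovery path being redirected
    ("2014-11-13T09:00:00", "bob", "login", "US"),
    ("2014-11-13T18:00:00", "bob", "login", "US"),
    ("2014-11-13T18:30:00", "bob", "password_change", "US"),          # routine change from usual country
    ("2014-11-13T10:00:00", "carol", "login", "FR"),
    ("2014-11-13T16:00:00", "carol", "login", "MY"),                  # new country, but no lockout action
]

# Actions a hijacker takes to keep the real owner out (assumed event names).
LOCKOUT_ACTIONS = {"password_change", "recovery_email_change", "recovery_phone_change"}
# Dwell time quoted in the article: hijackers spend more than 20 minutes inside.
WINDOW = timedelta(minutes=20)


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str
    country: str


def parse_events(rows):
    """Turn the raw rows into Event objects ordered by account and time."""
    events = [Event(datetime.fromisoformat(ts), acct, kind, cc) for ts, acct, kind, cc in rows]
    return sorted(events, key=lambda e: (e.account, e.ts))


def find_suspicious_sessions(events, window=WINDOW):
    """Flag logins from a country the account has never used before that are
    followed, within `window`, by a password or recovery-option change.

    Returns a list of dicts: account, login_ts, country, actions."""
    by_account = {}
    for e in events:
        by_account.setdefault(e.account, []).append(e)

    alerts = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e.ts)
        known_countries = set()  # countries seen in this account's earlier logins
        for idx, login in enumerate(evs):
            if login.kind != "login":
                continue
            # The first login ever only establishes the baseline and is never flagged.
            unfamiliar = bool(known_countries) and login.country not in known_countries
            known_countries.add(login.country)
            if not unfamiliar:
                continue
            actions = [e.kind for e in evs[idx + 1:]
                       if e.kind in LOCKOUT_ACTIONS and e.ts - login.ts <= window]
            if actions:
                alerts.append({"account": account, "login_ts": login.ts,
                               "country": login.country, "actions": actions})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_sessions(parse_events(EVENTS)):
        print(f"{alert['account']}: login from {alert['country']} at {alert['login_ts']} "
              f"followed by {', '.join(alert['actions'])}")
```

On the constructed log only alice's session is flagged: bob changed his password from his usual country, and carol logged in from a new country but touched nothing. A real deployment would enrich the country baseline with device and network history and treat a hit as a prompt for step-up verification of the owner (the SMS and secondary-email channels discussed below) rather than as proof of compromise.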

As far as attribution is concerned, most of the hijackers originate in China, Ivory Coast, Malaysia, Nigeria, and South Africa, the study shows.

When it comes to restoring access to compromised accounts, Google says it is not a trivial task. According to the study, the most reliable way to recover an account is via SMS, a method that works 81% of the time for users who provided a phone number. Secondary email addresses are also effective, with a success rate of 75%. Secret questions or manual review of the compromised account also work, but they are far less successful: those methods have only worked 14% of the time.

The complete study, titled “Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild”, is available online.

Would you like to find out more about online security and how to stay safe?

Adam Harling, Managing Director: With more and more businesses turning to the cloud for many day-to-day applications, security is a big concern. Adam will cover the basics, from encryption tools and threats such as phishing scams to how to protect your data.

Netitude will be speaking at 15 Minute Wonders for Business Growth. Book your free place here:

We look forward to meeting you there. If you are unable to attend the event but would be interested in receiving a copy of the presentation after it has been given, please request this via email –

Some more interesting statistics, further highlighting the fact that online security is a big issue:

* 91% increase in targeted attack campaigns in 2013
* 62% increase in the number of breaches in 2013
* Over 552M identities were exposed via breaches in 2013
* 23 zero-day vulnerabilities discovered
* 38% of mobile users have experienced mobile cybercrime in the past 12 months
* Spam volume dropped to 66% of all email traffic
* 1 in 392 emails contains a phishing attack
* Web-based attacks are up 23%
* 1 in 8 legitimate websites has a critical vulnerability

Talk to Netitude today on 0333 2412323 and let us help get you and your business operating safely online.

Adam Harling

13 November 2014

Posted to:

Netitude Events
