Are Your Details Safe or Have You Been Pawned?
According to Google, literally, billions of people’s usernames and passwords are available to buy online via the black market. Most are blissfully unaware that they are at risk of scammers. Have you been pawned? That’s the question, but there is a quick way to check if your details have been sold online. Just go to haveibeenpwned.com and run your email addresses through their system. This will give you a quick indication of whether you are susceptible to being defrauded by unscrupulous hackers.
Be sure to check if you’ve fallen victim to this evil scam.
Google is Concerned with Criminal Activity
Whilst it might be shocking, scary even, to find your email address on the database, it doesn’t necessarily mean that they have your password, which they would need to directly hack into your email account. However, it could be that one of the many websites that you have probably signed up for has illegally sold your details. Email lists are a legitimate way to build a business, but occasionally people will pass your details on without your permission. Google is naturally more concerned with criminals getting your details than websites that you have willingly signed up for.
The technology giant, in partnership with the University of California, found out that anyone with an email address is at risk of a triple threat attack. 788,000 victims’ details were stolen using keyboard tracking software.
More worryingly, though, 12 million people had their credentials stolen by criminals pretending to be well-known brands such as Amazon, eBay, and Vodafone, among others. They send out links asking to reset your password and it is an easy trap to fall into, even for experienced computer users due to the websites looking exactly like the real thing. There are subtle differences, however, so be careful and take heed.
How to Spot a Fake Website
- The website might look real, but they will often write to you as Dear Customers instead of using your name.
- Have the occasional spelling, grammar, and punctuation errors.
- A slightly different or weird email or web address.
- They often try and sneak an extra word in before or after the usual address.
- Be vigilant and pay attention – if something looks dodgy it probably is!
The attacks are known as ‘phishing’ scams and often ask you to cancel an order that you haven’t actually made. When you click on the link that’s when they nab your details. Often the victim genuinely believes that it was a real transaction that they have bought by accident and cancelling was the right thing to do. It can be weeks later when their bank statement comes through before they realize they have fallen victim to this sophisticated hoax.
It’s often weeks before they realise they’ve fallen victim to this sophisticated hoax.
Billions of Different Platforms on The Black Market
Thomas and Moscicki, who work for Google, wrote: “Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.
“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defenses in order to stay ahead of these bad actors and keep users safe.”
They go on to say that we presented our study at the Conference on Computer and Communications Security (CCS) and it’s now available here.