A new study by Google, the University of California, Berkeley and the International Computer Science Institute has concluded that email users are threatened by massive credential theft, and that phishing schemes are the primary way hackers steal credentials.
According to the study, phishing victims are 400 times more likely to have their email accounts hijacked compared to regular Google users. Victims of data breaches are 10 times more likely to have their email addresses hijacked, and keylogger victims are 40 times more likely to become victims of email hijacking.
How the attacker acquired the victim’s credentials is directly linked to whether the email account can be hijacked. Of those whose information was breached in a third-party data breach, 7 percent had their Gmail account password exposed, compared to 12 percent of keylogger victims and 25 percent of phishing victims.
What this says to me is that it is very important to change your password to access your email account any time you are advised that you have been involved in any type of compromise, and even if you don’t get notice, change the password on your private email account frequently. Remember to use passphrases, as they are easier to remember [related blog post about passwords].