Phishing is the great public plague of the web, and attacks are on the rise. In the first longitudinal measurement of the underground ecosystem fueling credential theft, Google identified 12.4 million potential victims of phishing kits and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Google researchers estimated 7–25% of stolen passwords in the dataset would enable an attacker to log in to a victim’s Google account and take over their online identity.
Phishing threats can be mitigated, though, through user education and controls like antivirus software, two-factor authentication, password managers, and security keys. For example, the data showed that techniques like blocking login attempts that fail to match a user’s historical login behavior or device profile can help. Neal Mueller discusses this data and shares phishing demos and recommendations about the effectiveness of phishing prevention tools.
Neal Mueller is the product lead for Google Cloud Platform, where he focuses on security and BeyondCorp. Outside of Google, Neal is an adventurer. He has summitted Mount Everest unguided, sailed from Hawaii to San Francisco, swum the English Channel, and completed the first-ever row across the Arctic Ocean, for which he was awarded a Guinness World Record. Neal holds a BA from the University of Pennsylvania and an MBA from the University of Pennsylvania’s Wharton School, both with honors.
©2018, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org