You want to step outside? What our fight against phishing taught us and how it can help you

Description

Phishing is the great public plague of the web, and attacks are on the rise. In the first longitudinal measurement of the underground ecosystem fueling credential theft, Google identified 12.4 million potential victims of phishing kits and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Google researchers estimated 7–25% of stolen passwords in the dataset would enable an attacker to log in to a victim’s Google account and take over their online identity.

Phishing threats can be mitigated, though, through user education and controls like antivirus software, two-factor authentication, password managers, and security keys. For example, the data showed that techniques like blocking login attempts that fail to match a user’s historical login behavior or device profile can help. Neal Mueller discusses this data and shares phishing demos and recommendations about the effectiveness of phishing prevention tools.

Topics include:

• Google research on stolen credentials
• Phone slamming and phishing kits
• The pros and cons of various prevention methods
• A weighted phishing scorecard based on specific user environments