A new Google analysis on manual hacker attacks occurred in the period of 2012 – 2014, posted in their blog shows that this could be a really harmful process which can lead to a lot of damage for users.
The manual attacks are usually aiming at a single victim at a time and can steal information from their accounts really fast. Hackers need about 30 minutes to look around users’ browsing history, hacking the actual account taking about 1.
Most of the attackers are known to be located in China, Malaysia, the Ivory Coast, Nigeria and South Africa. Often they just gather user information and arrange secondary attacks that can take a bit longer than the primary ones.
Google’s researchers’ opinion is that these attacks use the same phishing techniques spread out through the Internet, and still people tend to fall in the traps again. The success rate of a good phishing attack is about 45%, although a typical attack can have around 13.7%. Attacks coming from hijacked accounts, appearing as legitimate ones have 36 times more victims though. If your account has been hacked it’s not very likely for you to understand about it until it’s too late.
Coming back into a hacked account could be hard as well, unless you have a backup email address or even better – a mobile number for identification. Hackers can control these to some extent as well although this could be quite risky for them. Getting back a hacked account can take around 13 hours average for victims, which means that for a small group of users this could take quite long. Luckily manual hack attacks remain very rare – 9 per a million, the Google report says.
Our conclusion about manual hack attacks is that although being rare, they take much longer for users to recover. The best protection remains the 2-step verification process applied to your accounts, best with a mobile phone number.