Google warns of "manual hacking"

If you are worried about botnets, you should be aware that many hackers are still going old school. They targeting specific individuals in the hopes of a nice payday.

The subject of a new report from Google researchers, manual account hijacking is much less common than large-scale scams. The paper says: "In contrast to automated hijacking, manual hijacking is exceedingly rare. We observe an average of 9 incidents per million Google users per day. However, the damage manual hijackers incur is far more severe and distressing to users and can result in significant financial loss. These needle-in-a-haystack attacks are very challenging and represent an ongoing threat to Internet users."

Google looked into the hacking between 2011 and 2014. Phishing appears to be the exploit of choice. Most are emails trying to get you to click on a link. You will then be asked to enter some personal info. These scammers are most interested in your email account, where they will rifle through in search of banking information or contacts they can proposition for funds while pretending to be you.

China seems to be the center for most of the phishing. The Ivory Coast, Malaysia, Nigeria, and South Africa are also hot spots. Once they're in, the hackers will spend only about three minutes determining whether your account is worth anything to them.

"We found out that hijackers mainly look for financial data (including the victim's financial status and images of signatures to be used for future impersonation), linked account credentials (e.g., usernames and passwords for the victim's other accounts), and personal material that might be sold or used for blackmail (e.g., adult pictures)," Google said. "We find that searches are overwhelmingly for financial data as opposed to other account credentials or content."

To protect yourself, Google suggest two factor authentication.