All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Security researchers have sounded the alarm for millions of Gmail, Facebook, and Amazon users after tracking a sharp increase in activity from hackers trying to break into these popular sites. Experts at antivirus firm Kaspersky recorded a 40% spike in password-hacking attempts compared with last year.
Facebook, Amazon, and Google accounts are the most sought-after as they help hackers with credit card fraud, identity theft, and malware distribution.
With access to your Gmail, scammers can reset the passwords for other online accounts — and follow the reset instructions sent to your inbox. This is extremely dangerous as you could quickly find yourself locked-out of every online account, with the passwords changed to something new.
Likewise, Facebook offers scammers access to your friends and family, enabling them to guess security questions used to protect online banking and other secure accounts. Not only that, but it also provides a list of people who could be contacted to trick them into downloading malware, transferring money, and other scams.
Kaspersky research shows the dramatic increase in password-hacking attempts across well-known brands like Facebook, Microsoft, and Google
KASPERSKY PRESS OFFICE
Kaspersky recorded 26 million attempts to break into Facebook, Google, and Amazon accounts in the first six months of the year. This represents a 40% increase compared to the first six months of 2023 across these three popular brands, but Google has suffered the single biggest spike — with a jaw-dropping 243% rise in phishing attacks so far this year.
Mastercard has seen a 210% rise in attempts to steal sensitive data and money too, followed by Facebook and Netflix, both of which experienced a doubling of attack attempts.
According to Kaspersky research, that dramatic increase isn't due to a dip in user vigilance, but rather a new-found aggression from cybercriminals looking to siphon users’ data and money.
Kaspersky software has blocked millions of attempts from scammers in recent months, the full breakdown of the most-attacks websites is as follows...
Rounding out the ten most-targeted brands, Kaspersky has seen sustained attacks on PayPal, Mastercard, Apple, Netflix, and Instagram by cybercriminals looking to steal personal information and payment details.
Discussing the findings, Kaspersky Security Expert, Olga Svistunova commented: "This year has seen a significant increase in phishing attempts targeting Google. If a phisher gains access to a Gmail account, they can potentially access multiple services, making it a prime target.
"Phishing for Mastercard, typically aimed at stealing money, has likely risen alongside the proliferation of fake online shops pretending to sell goods and offering checkout options with allegedly Mastercard.
"Interestingly, Microsoft experienced a decline in clicks on phishing resources. Since this brand is frequently targeted for corporate credentials phishing, the decrease may be attributed to improved cyber literacy in various organisations. DHL has also seen a decline, which is a common trend among several transport and logistics brands we analysed."
Gmail remains one of the most popular targets for hackers, since it enables them to reset dozens of other online accounts that rely on the email address as a recovery mechanism
UNSPLASH
If you're concerned that your Facebook, Google, or Amazon account has been breached by scammers, there are some simple steps you can take to attempt to limit the damage.
Passkeys are an increasingly common solution to shield your accounts without relying on a lengthy alpha-numeric password that's impossible to remember. This clever solution uses the security feature built into your smartphone — like Face ID facial recognition on iPhone, fingerprint scanners on Samsung Galaxy, and more — to verify your identity when you log in to a website or app.
Support for these password replacements is slowly being adopted by the biggest online services and applications, with Elon Musk enabling support on X for iPhone owners earlier this year, with WhatsApp also adopting passkeys to avoid its users relying on guessable passwords.
Password managers are another popular solution.
These standalone apps generate unique passwords with no discernable pattern at all — and a healthy mixture of lower- and uppercase characters, symbols, numerical digits, and much more. It would be impossible to memorise these long, unique jumbles of characters for every login, so password managers encrypt and save all of them for you — filling in the fields within apps and websites for you.
You'll only need to remember a single password: the one that unlocks your password manager.
Many of these applications also rely on biometrics, like fingerprints and facial scans, to lock down everything.
Password managers, like 1Password (pictured), can manage lengthy, unique alpha-numeric passwords for every online account and monitor the Dark Web for breaches and hacks 1PASSWORD PRESS OFFICE Apple includes a password manager — known as iCloud Keychain — as part of the mobile operating system that ships on every iPhone, iPad, and Mac, while Californian rival Google has baked in a similar system into Chrome. However, the iPhone manufacturer has big plans to overhaul this system with a true competitor to the likes of 1Password, NordPass, and LastPass in the coming months as part of its next free upgrade.
LATEST DEVELOPMENTS
In the last few months, we've seen security researchers unearth the so-called "mother of all breaches", with billions of stolen usernames and passwords for popular sites like LinkedIn, X (formerly Twitter), Telegram, and Dropbox. Not only that, but hackers used credential stuffing to break into half a million Roku accounts and spend money using saved payment details.
Whatever you do, make sure you're not using a password on this list published by Nord.
