A study carried out by Google has found that a hacker is most likely to use a phishing attack to gain access to your password and hack your account.
Google said that phishing attacks are the “greatest threat” to users of its services and more of a threat than reusing passwords or keyloggers.
A phishing attack involves hackers tricking users into handing over personal information, which is typically done by email.
A keylogger is a special piece of software than can record keystrokes from a keyboard.
Google say that hackers obtain 250,000 valid login details for Gmail accounts every week, highlighting the huge scale of the problem.
Google teamed up with the University of California, Berkeley to looking at the different techniques used by hackers to try and determine which post the greatest threat to users.
From March 2016 to March 2017, researchers say there were over 12 million cases of accounts being hacked by phishing attack. By comparison just 788,000 accounts were compromised after having login credentials stolen by key logger software.
Both phishing attacks and keyloggers were found to have a success rate of between 12 and 25 percent. This means that a carefully crafted phishing attack can be just as effective as a piece of software such as a key logger, which is designed specifically to hack accounts.
Google said that hackers are using simple methods such as social engineering to help them carry out the phishing attacks.
“Because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity,” Google said in a blog post.
“By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.”
Google said that around 7 percent of the passwords compromised in these breaches could be used to access a valid Gmail account.
Google said it would use the results of the study to help boost security for its users.
Users should also use a password manager and set up two factor authentication wherever possible.
“We are now using these insights to improve our login defenses for all users,” Google said.
“Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution.”