BSidesSF 2018 has ended
Monday, April 16 • 2:50pm - 3:20pm
You want to step outside? What we can learn from Google’s fight with phishing

Phishing is the great public plague of the web, and attacks are on the rise. In the first longitudinal measurement of the underground ecosystem fueling credential theft, Google identified 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. Our researchers estimated that 7–25% of stolen passwords in the dataset would enable an attacker to log in to a victim's Google account and take over their online identity.

Phishing threats can be mitigated, though, with user education and controls like anti-virus software, two-factor authentication, password managers, and security keys. For example, the data showed that techniques like blocking login attempts that fail to match a user’s historical login behavior or device profile can help.

In this discussion, we'll describe this recent Google research on stolen credentials in detail, and demonstrate phone slamming and phishing kits. We'll use these topics as a jumping-off point for a discussion on the pros and cons of each prevention method, with the goal of providing a customized, weighted phishing scorecard based on participants' specific user environments.

Neal Mueller

Product Lead, Google
Neal Mueller is the product lead for Google Cloud Platform working on BeyondCorp.

Monday April 16, 2018 2:50pm - 3:20pm PDT