Every day, millions of people access their Google account to check email or watch videos on YouTube. Meanwhile, hackers monitor their Internet activity very closely. What strategies do they use to steal their data and passwords?

According to Google, hackers mainly use three techniques that pose a risk to all online account services. We tell you what they are.


The study authors identified 12.4 million account credentials that were stolen using a technique known as phishing.

That computer thermal comes from the English word that in Spanish is translated as “fishing” and refers to the identity theft by scammers to obtain personal data of users.

The goal can vary from usernames and passwords to bank details and access accounts to other online services. The “fishermen” access the information using false messages as “bait” for their victims, pretending to be other people or entities through phishing emails, messages or phone calls.

A password is not enough to access Google, so more sophisticated hackers tried to collect sensitive data that we could ask to verify the authenticity of the user, such as the IP address and location, the phone number or the model of the device.


The second threat is keyloggers, a type of programs that allow us to record every typing that we make on the computer or everything we see through the screen and send it to an external server.

This type of digital scam occurs frequently in places of public connection, such as cybercafés. It is usually part of major infections through malware. Computer criminals distribute these programs through computer worms and other types of Trojans (computer viruses).

A simple signal to detect this type of infection is when typing we observe a double tilde (”).

Security Breaches

The third way that hackers use is, according to Google, the security breaches in third-party services. In those cases, cybercriminals steal the databases of a company.

The company identified 1,900 million data product of these failures and later verified if some of those commercialized data were used to access Gmail accounts and other services.