Sweeter than honey: Are Gmail accounts associated with greater rewards at a higher risk of hijacking?

Danielle Stibbe, Stijn Ruiter, Wouter Steenbeek, Asier Moneva

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

Objectives: This study investigates the effect of advertised rewards in credential leaks on the likelihood and speed of account hijacking. Methods: In an online field experiment, we created 176 honey Gmail accounts and randomly assigned them to eight different posts containing account credential leaks. We used a 2 × 2 experimental design, manipulating two key variables within the post titles: the number of accounts (5 K or 1.5 M) and the promise of access to additional platforms (absent or present). We then monitored the accounts for any subsequent activity. Results: Our findings indicate that the promise of access to additional platforms increased the likelihood and speed of an attempted access. Only 12 accounts were fully accessed, however, because most hijackers did not complete the second-factor authentication (2FA) process required for gaining full access. It seems that the 2FA acted as a deterrent to complete Gmail account hijacking. Conclusions: The study aligns with the rational choice perspective of crime, showing that the prospect of greater rewards leads to more attempted account accesses. Pre-registration: https://osf.io/9y26z.
Original languageEnglish
Article number100410
JournalComputers in Human Behavior Reports
Volume14
DOIs
Publication statusPublished - 1 May 2024
Externally publishedYes

Cite this