http://www.slashgear.com/phishing-scams-45-successful-according-to-google-study-08354678/

"Furthermore, Google found that approximately 20 percent of all hijacked accounts were accessed within 30 minutes of a hacker obtaining the login info, and that once they successfully crack an account, hijackers typically spend at least 20 minutes inside, often changing passwords to lock out the actual account owners, searching for other account details (such as bank accounts and social media information) and targeting new victims."

http://www.redorbit.com/news/techno...ount-hijackers-being-fought-by-google-110814/

"Savvy netizens should be able to spot a dodgy-looking page, so now crims are directing people to servers that fetch legit pages from the website being impersonated and pass those on to the mark to convince them it's safe to hand over their personal details. The in-between relay can even lower prices of stuff being sold online to lure in people looking for a bargain."

http://www.theregister.co.uk/2014/11/07/proxy_program_phishing/

Even the most sophisticated can sometimes get caught. Of course, one of the defences is more widespread deployment of two-factor authentication. I have to admit that it's strange to me that there appears to be so little interest in this. For example, Google has now launched their U2F-based service which uses very cheap keys ($18 and down). Here's some information on this, which doesn't appear to have much traction here?

https://www.wilderssecurity.com/thre...on-first-look-with-google-and-yubikey.369913/