Google Warns of Increase in Attempted Account Hijackings

Search engine giant Google has warned its users of an increase in attempted account hijackings. It stated that techniques used against U.S. government agencies and corporations are being increasingly employed by hackers.

"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," said security engineer Mike Hearn.

"Although spam filters have become very powerful -- in Gmail, less than 1 percent of spam e-mails make it into an in-box -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before. As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."

Google said that to bypass spam filters, spammers are hacking into legitimate accounts and sending mail through that account's contacts. "We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn explained. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."

The firm said it combats such hacks by using a "complex risk analysis" whenever a user attempts to sign into an account. Over 120 variables determine whether the account is opened through a simple username and password or whether Google will ask the user follow-up questions. For example, what phone number is linked with the account? Since Google began deploying such techniques, compromised accounts have decreased by 99.7 percent since their peak in 2011.

Google recommends a few methods for how users can secure their accounts, including the utilization of a strong, unique password for a Google account, a two-step verification, and setting up recovery options.

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
    Your comment
  • Hacking continues to evolve and geekdom must remain on guard, informed, and educated.
  • I am so sick of the "what as your high school mascot, pets name, mothers name, first car" questions that you can actually just Google the person to get the answer too. Tada account hacked...

    The two step authentication is nice, but can be cumbersome. The 255 character limit, custom created security Q&A, text message and recovery email is spectacular though.

    Nothing like having a password of YouWillNeverDictionaryOrRainbowTableMeBecauseMyPasswordIsStupidLong!p.s.-hahaha
  • COLGeekHacking continues to evolve and geekdom must remain on guard, informed, and educated.

    So hard when our generation is so dumb..
    Us geeks must let our fellow dummies know the risks and how to avoid them.