Google Warns of Increase in Attempted Account Hijackings
Spammers turning to hacking into Gmail accounts.
Search engine giant Google has warned its users of an increase in attempted account hijackings. It stated that techniques used against U.S. government agencies and corporations are being increasingly employed by hackers.
"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," said security engineer Mike Hearn.
"Although spam filters have become very powerful -- in Gmail, less than 1 percent of spam e-mails make it into an in-box -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before. As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."
Google said that to bypass spam filters, spammers are hacking into legitimate accounts and sending mail to those accounts' contacts. "We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn explained. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."
The firm said it combats such hacks by using a "complex risk analysis" whenever a user attempts to sign into an account. Over 120 variables determine whether the account is opened through a simple username and password or whether Google will ask the user follow-up questions, such as what phone number is linked with the account. Since Google began deploying such techniques, the number of compromised accounts has decreased by 99.7 percent from its peak in 2011.
Google recommends a few ways for users to secure their accounts: using a strong, unique password for the Google account, enabling two-step verification, and setting up recovery options.