
Google Warns of Increase in Attempted Account Hijackings

Source: Google | 11 comments

Spammers turning to hacking into Gmail accounts.

Search engine giant Google has warned its users of an increase in attempted account hijackings. It stated that techniques used against U.S. government agencies and corporations are being increasingly employed by hackers.

"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," said security engineer Mike Hearn.

"Although spam filters have become very powerful -- in Gmail, less than 1 percent of spam e-mails make it into an in-box -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before. As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."

Google said that to bypass spam filters, spammers are hacking into legitimate accounts and sending mail to each account's contacts. "We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn explained. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."

The firm said it combats such hacks by using a "complex risk analysis" whenever a user attempts to sign into an account. Over 120 variables determine whether the account is opened through a simple username and password or whether Google will ask the user follow-up questions. For example, what phone number is linked with the account? Since Google began deploying such techniques, the number of compromised accounts has decreased by 99.7 percent from its peak in 2011.

Google recommends several ways for users to secure their accounts, including using a strong, unique password for the Google account, enabling two-step verification, and setting up recovery options.


This thread is closed for comments
  • 4 Hide
    COLGeek , February 20, 2013 5:19 PM
    Hacking continues to evolve and geekdom must remain on guard, informed, and educated.
  • 3 Hide
    dalethepcman , February 20, 2013 5:22 PM
    I am so sick of the "what was your high school mascot, pet's name, mother's name, first car" questions that you can actually just Google the person to get the answer to. Tada account hacked...

    The two step authentication is nice, but can be cumbersome. The 255 character limit, custom created security Q&A, text message and recovery email is spectacular though.

    Nothing like having a password of YouWillNeverDictionaryOrRainbowTableMeBecauseMyPasswordIsStupidLong!p.s.-hahaha
  • 1 Hide
    joytech22 , February 20, 2013 5:23 PM
    COLGeek: Hacking continues to evolve and geekdom must remain on guard, informed, and educated.


    So hard when our generation is so dumb..
    Us geeks must let our fellow dummies know the risks and how to avoid them.
  • -3 Hide
    dextermat , February 20, 2013 5:47 PM
    Just saw Mandiant report and Gmail is just high fail. Chinese can create a Gmail account then verify it even if they are in China without any problems. Afterwards, they use Gmail for spear phishing and hacking into Hotmail, Gmail, PC, etc.

    Bottom line: Gmail is a great hacking tool, and people using their service are just hacker targets.
    Quote:
    http://www.youtube.com/watch?feature=player_embedded&v=6p7FqSav6Ho
  • 2 Hide
    NuclearShadow , February 20, 2013 9:50 PM
    My Gmail password has 180 quinquavigintillion possibilities before reaching mine. And yes I mean that literally 180 quinquavigintillion. So if anyone gets into it they deserve to get into it.
  • 1 Hide
    azraa , February 20, 2013 10:34 PM
    123456
    best password ever.

    (just kidding)
  • -1 Hide
    Darkk , February 20, 2013 11:28 PM
    p@$$w0rd is the best ever! lol

    Seriously.. beef up those passwords and use two step authentication. Yes it's a little annoying but much more so when your account gets hacked.
  • 1 Hide
    ddpruitt , February 21, 2013 12:08 AM
    dalethepcman: I am so sick of the "what was your high school mascot, pet's name, mother's name, first car" questions that you can actually just Google the person to get the answer to. Tada account hacked... The two step authentication is nice, but can be cumbersome. The 255 character limit, custom created security Q&A, text message and recovery email is spectacular though. Nothing like having a password of YouWillNeverDictionaryOrRainbowTableMeBecauseMyPasswordIsStupidLong!p.s.-hahaha


    Easy to break, dictionary attack will catch that password quick. Don't believe me? Check and see how many generators build passwords out of dictionary words.

    Besides, as I recall, Google (and most others) only use the first 30ish characters regardless of the number you actually enter. Made for some fun with my bank password because it let me enter a 20 character password; afterwards I could never get back in. It only saved the first 16, so when I entered 20 it would always fail authentication.
  • 1 Hide
    A Bad Day , February 21, 2013 1:57 AM
    azraa: 123456 best password ever. (just kidding)


    I broke into someone's WEP network using "1234" once.

    And if the password guessing didn't work, I could've downloaded a WEP encryption cracking software...
  • -2 Hide
    velosteraptor , February 21, 2013 10:42 AM
    I use the same password for everything. It's 5 asterisks.
  • -1 Hide
    alidan , February 21, 2013 12:45 PM
    If I had a cellphone I would use two step...