Google says it's effectively blocking hackers and spammers

The dramatic drop in compromised accounts is down to effective monitoring and risk assessment says Google
Source: Google Google says that the number of accounts that are hacked and then abused by spammers has fallen dramatically. For a while now, Google has been checking how likely it is that a login attempt is actually by the account owner.

The risk assessment process that Google uses factors in more than 120 variables each time a user logs in, either by web browser or through email connection. For example, if a login attempt comes from a different continent compared to the previous login, then this increases the likelihood that a spammer is trying to log in with stolen credentials. When a certain threshold is exceeded, Google will ask for personal information such as the phone number of the account number or an answer to a previously entered secret question challenge.

Google has been able to reduce the number of compromised accounts that were abused by spammers by 99.7 per cent since a peak of the hacking attempts in July 2011. That reduction can be explained primarily by better monitoring. The comparison point is, of course, not chosen at random; in July 2011, the abuse numbers had reached a such a high point that the percentage decrease is correspondingly large.

Cyber-crooks exploit existing Google accounts by harassing the contacts of the hijacked accounts with spam. Because the contact and account holder know each other, emails can slip through the mail provider's spam filters quite efficiently. There are also scams where the criminals pretend that the account holder has been robbed abroad and urgently needs money to get to work or home and asks their contacts if they can wire money to them.

Scammers often get access to other accounts too, as many users, out of a desire for convenience, use the same login credentials on different web services. Google reports that it has seen a single attacker using stolen passwords try and break into a million different Google accounts every day and that other gangs have tried attempted sign-ins at over 100 accounts per second. Google feels its systems survive this kind of attack much better than other systems thanks to its risk-assessing security.

(djwm)