Google has announced its “war against account hijackers” campaign has helped reducing account hacking by 99.7 percent since the launch of the initiative.
Google in a blog post said, scams, illegal, fraudulent or spam messages often come a person's own contacts. Though only 1 percent of that spam shows up in the inbox, spammers have of late started targeting hijacking accounts. Moreover, spammers have now become “account thieves” sneaking into databases to steal usernames, passwords and online elements of the accounts.
“With stolen passwords in hand, attackers attempt to break into accounts across the web and across many different services. We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time,” says Google in the blog.
“A different gang attempted sign-ins at a rate of more than 100 accounts per second. Other services are often more vulnerable to this type of attack, but when someone tries to log into your Google Account, our security system does more than just check that a password is correct.”
Google also explains how its Security tools help users protect their account. Every time a user signs into Google via web or another platform that checks for new mail every five minutes, Google's system conducts a complex risk analysis to determine how likely is that sign-in has come from the valid users. Google uses more than 120 variables to make a decision.
“If a sign-in is deemed suspicious or risky for some reason—maybe it’s coming from a country oceans away from your last sign-in—we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question,” adds Google.
“These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.”