Google wants the world to know that it takes security, spam email, and account hijackers seriously, and it’s proving so by detailing a few statistics and security measures in a new blog post on Tuesday.
According to the official Google blog, scams, illegal, fraudulent, or spam messages often come from a person’s own contacts. Only 1 percent of that spam lands in the Gmail inbox, but spammers have started increasingly hijacking accounts in recent years to improve their chances at being more successful. They’ve turned into “account thieves,” as Google dubbed them, breaking into databases to steal usernames, passwords, and online keys to accounts.
Google said it saw one attacker attempting to hack a million Google accounts every day for several weeks and even an entire gang trying to illegally access over 100 accounts per second. With such aggressive spamming and hijacking, Google has a security system that does more than check if a password is correct.
“Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made,” Google wrote.
Google confronts suspicious sign-in attempts with security questions, such as a phone number request, and said these safety measures have “dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.”
Google finally recommended folks help suppress spammers and hijackers by implementing a strong, unique password for their Google account, upgrading to 2-step verification, and updating their recovery options.