February 19, 2013
While Google's (NASDAQ: GOOG) Gmail has drastically improved its filtering over the years -- fewer than 1% of spam emails make it into inboxes -- spammers have become more sophisticated in their attacks. To improve their chances of bypassing spam filters and reaching customers' inboxes, spammers now send obnoxious emails from a contact's account. In effect, spammers have become account hijackers.
Account hijackers buy access to people's email accounts. On the black market, cyber criminals -- who have stolen databases of usernames and passwords from websites -- sell personal information to these hijackers. As usernames and passwords are often the same across different accounts, attackers try the stolen credentials on accounts across the web. In one instance, Google saw a single attacker steal passwords to break into a million different Google accounts every single day, for weeks at a time.
However, Google has dramatically reduced the number of compromised accounts by 99.7% since the peak of these hijackings in 2011 by checking for more than just a password. The company's system performs risk analyses on over 120 variables to ensure that the sign-in comes from the owner. If the sign-in is suspicious or risky, Google asks a few simple questions about your account.
Google says users can help keep spammers out by using a strong, unique password for their Google account, upgrading their account to 2-step verification, and updating the recovery options with a secondary email address and phone number.