We’ve seen some pretty clever email scams over the years – such as the ‘travel money scam’ where a friend sends a frantic message saying that they’re stuck overseas and have just lost all of their money, before begging you to send them some funds. Dozens of variations of this exist, along with altogether different scams such as the “click this hilarious link!” messages.
Most tech-savvy users realize straight away that these messages haven’t been sent by their friends at all; instead, they were sent out by criminals who hijacked their friends’ email accounts. This kind of phishing scam apparently reached its peak during the summer of 2011, at which time Google decided to hit back at the account hijackers. Now, the company has just revealed how successful these efforts have been, reporting that the number of Gmail accounts hacked since then has dropped by 99.7%.
Google’s detailed report explains how the email hijacking scams originated. Apparently, the trick evolved as a result of improved spam filters that would successfully weed out traditional “phishing” emails sent from an unknown address. These measures prompted hackers to hijack people’s email accounts instead, using these ‘trusted’ accounts to send out their fake messages and get around the spam filters.
In order to solve this problem, Google introduced a wave of new security measures beyond simple password authentication. Nowadays, Google performs a “complex risk analysis” whenever someone attempts to log in to a Gmail account, taking into account more than 120 variables to determine whether it is the genuine user. Should Google’s system decide that the level of risk is too high, other security measures will kick in to prevent unauthorized access.
These include such things as asking the user a ‘security question’, or prompting them to enter the phone number associated with the account. As Google points out, anyone who steals a password for someone else’s Gmail account is unlikely to know the answers to these questions as well, hence the massive drop in hijacked accounts.
Google’s announcement is timely, serving to show off how secure their email service is at a time when Microsoft has just transformed its outdated Hotmail service into the revamped Outlook.com in an attempt to steal users away from Gmail.
Still, Google does remind us that its security measures can never be 100% water-tight. Users can, however, help lessen the risk by turning to Gmail’s two-step verification system and adopting a much tougher, more complex password. In addition, users should ensure that their account recovery information is kept up to date with a secondary email address and their current phone number.