01:35 PM
Google: We've Stopped Most Gmail Account Hijacking

Google cites 99.7% decrease in Gmail account hijackings since 2011 peak, thanks to risk analysis defenses.

Google this week announced that since putting a system in place to check 120 different variables related to online sign-ins, it's reduced the incidence of Gmail account hijackings by 99.7% since they peaked in 2011.

That's welcome news for anyone who's experienced first-hand the joys of having a friend or acquaintance get their webmail account hijacked. Cue "urgent" appeals and fake sob stories about getting mugged in London just hours before being scheduled to return home. "Kindly help me send the money via Western Union Money Transfer to my name and hotel address below," read one widely distributed scam email.

More recently, scammers used compromised webmail accounts to send emails with a bit.ly link that led to a fake -- but real-looking -- careers page at "careers.nbcnews.com-iw9.net" that interwove content stolen from NBC with plugs for work-at-home operations and "home cash success." More often than not, such scams are just fronts for money mule operations.

[ Do you know the warning signs that your identity has been stolen? See Identity Fraud Hits 3-Year High; Costs $21 Billion. ]

According to Google, the principal account-hijacking technique involves attackers taking usernames and passwords stolen from other sites -- often purchased on cybercrime forums -- and testing whether the same credentials have been reused for webmail accounts, at which point the grifters can go to work.

"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," said Google security engineer Mike Hearn in a blog post. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."

Most account takeovers are made by scammers seeking to reliably distribute greater amounts of spam. "Although spam filters have become very powerful -- in Gmail, less than 1% of spam emails make it into an inbox -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before," Hearn said. "As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."

But scammers aren't the only people intent on hijacking webmail accounts. In 2011, notably, Google warned that hundreds of Gmail users -- including senior U.S. government officials and Chinese activists -- had been targeted in account-takeover attacks. In 2012, Google added a warning system to Gmail accounts that announces when a user's account appears to be the target of a state-sponsored account takeover attempt.

Google said its risk assessment system now successfully blocks most of these types of account takeovers. "Every time you sign in to Google, whether via your Web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you," said Hearn, noting that 120 different variables get assessed.

"If a sign-in is deemed suspicious or risky for some reason -- maybe it's coming from a country oceans away from your last sign-in -- we ask some simple questions about your account," he said. "For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner."

This type of adaptive authentication -- asking more questions whenever something looks suspicious -- isn't unique to Google, and is already available off-the-shelf from other security companies, such as RSA, which said its related software is now widely used by financial services firms.
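The risk analysis and step-up questioning that Hearn describes, as an added example that is not Google's code: a toy scoring engine built around three of the signals the article mentions -- a sign-in from somewhere the account's last sign-in could not plausibly have reached in the time elapsed, a device the account has never used, and a single source trying many different accounts, which is what testing stolen passwords looks like from the provider's side. The weights, thresholds, signal names and sample sign-ins are constructed assumptions for illustration, not Google's 120 variables.

```python
"""Toy risk-based sign-in analysis (added example; weights and thresholds are assumptions)."""
from __future__ import annotations
import math
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

CHALLENGE_SCORE = 40          # at or above: ask the extra account questions
BLOCK_SCORE = 80              # at or above: refuse the sign-in outright
STUFFING_WINDOW = timedelta(minutes=10)
STUFFING_DISTINCT_USERS = 20  # one source trying this many accounts is testing stolen passwords
MAX_PLAUSIBLE_KMH = 900.0     # faster than an airliner between two sign-ins is impossible travel


@dataclass
class SignIn:
    user: str
    ip: str
    country: str
    lat: float
    lon: float
    device_id: str
    when: datetime


@dataclass
class AccountHistory:
    last_country: Optional[str] = None
    last_lat: float = 0.0
    last_lon: float = 0.0
    last_when: Optional[datetime] = None
    known_devices: Set[str] = field(default_factory=set)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class RiskEngine:
    def __init__(self) -> None:
        self.histories: Dict[str, AccountHistory] = defaultdict(AccountHistory)
        # Recent password attempts per source IP, as (time, user) pairs.
        self.attempts_by_ip: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)

    def decide(self, s: SignIn) -> Tuple[str, int, List[str]]:
        """Return (verdict, score, reasons); only an 'allow' updates the account history."""
        reasons: List[str] = []
        score = 0
        # Signal 1: source velocity. Keep this IP's attempts inside the window and count
        # how many distinct accounts it has tried; a real user tries one or two.
        recent = [(t, u) for t, u in self.attempts_by_ip[s.ip] if s.when - t <= STUFFING_WINDOW]
        recent.append((s.when, s.user))
        self.attempts_by_ip[s.ip] = recent
        if len({u for _, u in recent}) >= STUFFING_DISTINCT_USERS:
            score += 60
            reasons.append("credential_stuffing_source")
        h = self.histories[s.user]
        # Signal 2: a device this account has never signed in from before.
        if s.device_id not in h.known_devices:
            score += 20
            reasons.append("new_device")
        # Signal 3: geography relative to the last sign-in the owner confirmed.
        if h.last_when is not None:
            km = haversine_km(h.last_lat, h.last_lon, s.lat, s.lon)
            hours = max((s.when - h.last_when).total_seconds() / 3600.0, 1 / 3600.0)
            if km / hours > MAX_PLAUSIBLE_KMH:
                score += 40
                reasons.append("impossible_travel")
            elif s.country != h.last_country:
                score += 20
                reasons.append("new_country")
        if score >= BLOCK_SCORE:
            return "block", score, reasons
        if score >= CHALLENGE_SCORE:
            return "challenge", score, reasons
        self.confirm(s)
        return "allow", score, reasons

    def confirm(self, s: SignIn) -> None:
        """Record a sign-in the owner has proven is theirs (an allow, or a challenge answered correctly)."""
        h = self.histories[s.user]
        h.last_country, h.last_lat, h.last_lon, h.last_when = s.country, s.lat, s.lon, s.when
        h.known_devices.add(s.device_id)


def demo() -> Dict[str, object]:
    """Constructed scenario: a routine user, an impossible-travel sign-in, and one IP walking a stolen list."""
    eng = RiskEngine()
    t0 = datetime(2013, 2, 21, 10, 0)
    nyc = dict(country="US", lat=40.71, lon=-74.01)
    moscow = dict(country="RU", lat=55.76, lon=37.62)
    out: Dict[str, object] = {}
    out["first"] = eng.decide(SignIn("alice", "198.51.100.4", device_id="laptop", when=t0, **nyc))
    out["routine"] = eng.decide(SignIn("alice", "198.51.100.4", device_id="laptop",
                                       when=t0 + timedelta(days=1), **nyc))
    out["far"] = eng.decide(SignIn("alice", "203.0.113.9", device_id="unknown-pc",
                                   when=t0 + timedelta(days=1, hours=1), **moscow))
    # One source tries 25 different accounts in about two minutes.
    out["stuffing"] = [eng.decide(SignIn(f"victim{i:02d}", "203.0.113.7", device_id="bot",
                                         when=t0 + timedelta(seconds=5 * i), **nyc))[0]
                       for i in range(25)]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

In the constructed run, alice's first and routine sign-ins are allowed, the sign-in from Moscow an hour after one from New York scores 60 and gets the challenge, and the stuffing source is blocked from its twentieth distinct account onward. The engine deliberately records history only for sign-ins the owner has confirmed, so a challenged attempt cannot teach the system a new "known" device; a production system would also revisit the earlier allows from a source that later crosses the stuffing threshold.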

While the risk analysis tools being employed by Google have helped stem account takeovers, to block even more such hacks, Hearn recommended that users enable two-factor authentication for Gmail, create strong passwords and ensure that their account recovery settings include a backup email address and a phone number.

Comments
NG11209,
User Rank: Apprentice
2/22/2013 | 6:34:05 PM
re: Google: We've Stopped Most Gmail Account Hijacking
The other day I was shut out from searching Google from my iPhone because it said there had been suspicious activity from my device -- but I was still able to sign into Gmail using the mail app. Eventually, the search warning went away. Interesting that I couldn't search for the closest pizza place, but could still access e-mail from a supposedly "compromised" device.
Thomas Claburn,
User Rank: Strategist
2/22/2013 | 5:54:13 PM
re: Google: We've Stopped Most Gmail Account Hijacking
Google in Gmail should display both the email address and the name field when the two differ. That would help make suspect messages more obvious.