Each day, more and more “illegal, fraudulent or spammy” email messages originate, or at least appear to, from those you know, says Google.
Thanks to improvements in spam filtering technology, in which Google considers 120 distinct variables when deciding whether to route messages to your inbox or spam folder, spammers are getting smarter (or more desperate). In a coordinated attempt to steal past ever-smarter spam filters, spammers changed tactics around 2010 and began sending you unwanted messages from a contact’s hijacked Google account. Because of previously established connections, these messages appear more genuine and are more likely to get through filtering technology.
To do this, spammers must first gain access to a Google Account. The process is as follows: hackers break into websites and steal databases of email addresses and passwords. These databases are then sold online to spammers. Because most people use a single common password across services, these bought credentials are often valid on others – like Gmail.
Gmail boasts that less than 1% of spam messages now make it into an inbox. Improved Google security systems in the last few years perform “complex risk analysis” each time a user attempts to sign in. This is where Google’s 120-variable authentication factoring comes into play. So if you log in to Gmail in Ireland, then again from China 20 minutes later, Google knows something isn’t quite right and prevents access.
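The Ireland-then-China check described above can be sketched as an impossible-travel detector. This is an added example, not Google's code or part of the original post; it models only one signal of the many a real risk engine would weigh, and the speed threshold, minimum distance, account names and coordinates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 1000.0  # assumption: faster than a commercial jet is suspicious
MIN_DISTANCE_KM = 50.0      # assumption: ignore IP-geolocation jitter within a region

@dataclass(frozen=True)
class SignIn:
    account: str
    when: datetime
    lat: float  # latitude of the geolocated source IP
    lon: float  # longitude of the geolocated source IP

def haversine_km(a, b):
    """Great-circle distance between two sign-in locations, in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (previous, current, implied km/h) for sign-ins no traveller could make."""
    flagged, last_good = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_good.get(ev.account)
        if prev is not None:
            km = haversine_km(prev, ev)
            # Clamp to one second so simultaneous sign-ins do not divide by zero.
            hours = max((ev.when - prev.when).total_seconds(), 1.0) / 3600
            if km > MIN_DISTANCE_KM and km / hours > max_kmh:
                flagged.append((prev, ev, km / hours))
                continue  # a blocked sign-in must not become the new baseline
        last_good[ev.account] = ev
    return flagged

# Constructed sample events (not real log data).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    SignIn("alice", T0, 53.35, -6.26),                           # Dublin
    SignIn("alice", T0 + timedelta(minutes=20), 39.90, 116.40),  # Beijing, 20 min later
    SignIn("bob", T0, 53.35, -6.26),                             # Dublin
    SignIn("bob", T0 + timedelta(hours=14), 39.90, 116.40),      # Beijing, after a flight
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"{cur.account}: {kmh:,.0f} km/h implied between sign-ins")
```

The second "alice" sign-in is flagged because it implies a speed far beyond any aircraft, while "bob" making the same trip over 14 hours passes.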
Because of measures like this, and others, the number of compromised Google accounts has fallen by 99.7% since peaking in summer 2011. This blog has noticed an increase in the number of unsuccessful hijack attempts in recent months.
If you have a Google Account we recommend enabling Google’s 2-step verification and keeping your recovery options up-to-date. Also, make sure your password isn’t ‘passw0rd’.