Google kills account hijacks with statistics

Google has pulled back the curtains a little on how it maintains the integrity of customer email accounts.

Gmail hijacking statistics since 2010. Source: Google.

According to the search giant, every time a customer logs into their Google account, a statistical analysis with 120 variables is performed to gauge the likelihood the account is being accessed by its legitimate owner.

The insight into Google’s account integrity testing comes as phishing becomes less effective, and crooks are resorting to simply hijacking user accounts to commit fraud.  

“If a sign-in is deemed suspicious or risky for some reason — maybe it’s coming from a country oceans away from your last sign-in — we ask some simple questions about your account,” said Google security engineer Mike Hearn, in a blog post.

The company said its statistical techniques have reduced the incidence of account hijacking by 99.7 percent since the use of hijacking peaked in 2011.

Hearn did not, however, reveal how many hijacking attempts are made each year.

Google used the post to urge users to upgrade the security they use when getting into their accounts.

These techniques include using a stronger password, upgrading to two-factor authentication, and updating secondary recovery information, such as a phone number and alternative email address.