In a post on the official Google blog, Google Security Engineer Mike Hearn explains that the steps the company has taken mean that cybercriminals are being forced to hijack legitimate email accounts in order to spread bogus advertising, conduct phishing attacks or otherwise extort money or information from the unsuspecting public.
"To improve their chances of beating a spam filter by sending you spam from your contact's account, the spammer first has to break into that account. This means many spammers are turning into account thieves. Every day, cyber criminals break into websites to steal databases of usernames and passwords – the online 'keys' to accounts. They put the databases up for sale on the black market, or use them for their own nefarious purposes," says Hearn.
Google has experienced instances of a single attacker using such stolen passwords to attempt to break into "a million different Google accounts every single day, for weeks at a time." This is why the company supports its email service with a complex risk analysis which, according to Hearn, considers "more than 120 variables" before deciding if a login attempt is valid or the work of hackers.
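The kind of risk analysis Hearn describes can be illustrated with a small scoring engine. The following is an added example written for this article, not Google's code: the signals (new IP, new country, new user agent, and one source IP spreading across many accounts), their weights, the sliding window and the two thresholds are all assumptions chosen for illustration, and the login events are constructed. It shows why a valid password alone is not enough to admit a login, and how a single source replaying stolen credentials against many accounts stands out even when every password it submits is correct.

```python
"""Risk-based login scoring over constructed sample events.

Added example for this article; not Google's code. The signals, weights and
thresholds are assumptions chosen to illustrate the idea.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LoginAttempt:
    ts: int             # constructed timestamp, in seconds
    account: str
    src_ip: str
    country: str
    user_agent: str
    password_ok: bool   # whether the submitted password matched


@dataclass
class AccountHistory:
    """Baseline facts learned only from logins that were allowed."""
    ips: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    agents: set = field(default_factory=set)


class RiskEngine:
    WINDOW = 600  # seconds over which one source IP's account spread is measured

    def __init__(self, challenge_at=40, deny_at=70):
        self.history = defaultdict(AccountHistory)
        self.ip_attempts = defaultdict(deque)   # src_ip -> deque of (ts, account)
        self.challenge_at = challenge_at
        self.deny_at = deny_at

    def _accounts_seen_from(self, ip, now):
        """Distinct accounts one IP has tried inside the sliding window."""
        q = self.ip_attempts[ip]
        while q and now - q[0][0] > self.WINDOW:
            q.popleft()
        return len({acct for _, acct in q})

    def evaluate(self, a):
        """Return (decision, score, reasons) for a single login attempt."""
        self.ip_attempts[a.src_ip].append((a.ts, a.account))
        if not a.password_ok:
            return "deny", 0, ["bad_password"]

        h = self.history[a.account]
        score, reasons = 0, []

        # Account-side signals: anything that differs from this account's past.
        if h.ips and a.src_ip not in h.ips:
            score += 20
            reasons.append("new_ip")
        if h.countries and a.country not in h.countries:
            score += 30
            reasons.append("new_country")
        if h.agents and a.user_agent not in h.agents:
            score += 15
            reasons.append("new_agent")

        # Source-side signal: one IP walking through many accounts with valid
        # passwords looks like a stolen credential database being replayed.
        spread = self._accounts_seen_from(a.src_ip, a.ts)
        if spread > 2:
            score += min(75, (spread - 2) * 25)
            reasons.append(f"ip_spread={spread}")

        if score >= self.deny_at:
            decision = "deny"
        elif score >= self.challenge_at:
            decision = "challenge"   # e.g. ask for a second factor
        else:
            decision = "allow"
            # Only an allowed login teaches the engine new baseline facts.
            h.ips.add(a.src_ip)
            h.countries.add(a.country)
            h.agents.add(a.user_agent)
        return decision, score, reasons


def run_scenario():
    """Constructed events: a normal user, the same user from an unusual place,
    then one source replaying (correct) stolen passwords across five accounts."""
    eng = RiskEngine()
    browser = "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"
    events = [
        LoginAttempt(1000, "alice", "203.0.113.5", "US", browser, True),
        LoginAttempt(1100, "alice", "203.0.113.5", "US", browser, True),
        LoginAttempt(1200, "alice", "198.51.100.7", "RO", "curl/8.4.0", True),
    ]
    for i, acct in enumerate(["bob", "carol", "dave", "erin", "frank"]):
        events.append(LoginAttempt(2000 + i, acct, "192.0.2.9", "US", "curl/8.4.0", True))
    return [(e.account, e.src_ip, *eng.evaluate(e)) for e in events]


if __name__ == "__main__":
    for account, ip, decision, score, reasons in run_scenario():
        print(f"{account:6} {ip:14} {decision:9} score={score:3} {reasons}")
```

Alice's login from a new country on a new client is challenged rather than denied outright, while the replay source is allowed through for its first accounts (nothing about them is anomalous) and is denied by the fifth account purely on the strength of the spread signal. Real engines weigh far more variables and calibrate thresholds against measured false-positive rates, but the structure is the same: every signal is individually weak, and the decision rests on their combination.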
As a result, the number of compromised accounts has fallen by 99.7 percent since the peak of such hijacking attempts in 2011.