As Microsoft has announced a broad launch of its new Outlook.com webmail product, Google has taken the opportunity to discuss how prevalent fraudulent spam that appears to be coming from people you know has become, and the efforts it is taking to keep Gmail (and really Google Accounts) safe.
According to Google, only one percent of spam emails even make it into an inbox, but in 2010, they started seeing a large increase in fraudulent email sent from Google accounts, prompting the team to take more aggressive measures. Google security engineer Mike Hearn writes:
Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made.
If a sign-in is deemed suspicious or risky for some reason—maybe it’s coming from a country oceans away from your last sign-in—we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.
As it often does, Google advises users to take advantage of its 2-step verification system, and to use strong passwords and update account recovery options.