Google Security Engineer Cautions On Spammers Turning To Hijacking Accounts

Spammers are changing tactics, and Google is trying to get the word out. These days, the bad guys are using hijacked accounts to launch their scams. By now, spam filters can spot old-school spam mail with reliability, but it’s harder to snag emails that appear to be from your friends – both for the filter, and for you. You’re not going to fall for an email that starts with “Most esteemed Sir,” but would you let your guard down for an email from a buddy asking for a little help?

Google Password Security Page

Google keeps an eye out for suspicious sign-in attempts. Image credit: Google

As Google points out on its blog, finding hijacked accounts and using them to send spam to their contacts is easy to do. After all, if a hacker gets a person’s password for one account, he can probably get into several of that person’s accounts, assuming the victim uses the same password for multiple sites. Those password get sold in large quantities, and spammers use them relentlessly. Think the risk is small? Google says that hackers have tried attacks that amount to millions of account attacks per day.

Of course, Google is using the announcement to tout its own safety precautions, but it’s something to keep in mind regardless of what services you use. And those precautions are worth touting – for example, Google keeps track of where you’re signing in from and asks security questions if your current sign in is geographically far from where you were the last time you signed on.