Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How Google Protects Your Account Against Phishing Attacks

How Google Protects Your Account Against Phishing Attacks

By István F.István F. Verified by Adam B.Adam B. Last updated: July 17, 2024 (0)

How many times have you heard ‘Think before you click’ from the IT guy? This rule is to be remembered for every link you receive in an email, especially nowadays, when phishing attacks are on the rise.

In a study entitled “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials”, Google researchers analyzed the 12-month period between March 2016 and March 2017. After crunching through all the data, what they found raised a red flag – and helps us understand the risks that all internet users are exposed to.

The researchers identified 788,000 potential victims of off-the-shelf keyloggers, 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed through data breaches and traded on black market forums often called the ‘dark web’. These victims span the entire the globe, so it’s a threat for everybody.

According to this study, the risk of a full email takeover depends significantly on how attackers first acquire the victim’s re-used credentials. Only 7% of the victims in third party data breaches have their current Google password exposed, compared to 12% of keylogger victims and 25% of phishing victims.

What is phishing?

Cyber criminals try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. You might have heard such a warning from the IT security department: don’t click on links that look suspect. Think of an email promising a hilarious video or that appears to come from a trustworthy source or a service that you regularly use that you weren’t expecting.

These emails are designed to trick you into clicking on malicious links or attachments. The website the link leads to may look legitimate, but if you inspect it carefully you will find various differences when compared to real deal. The malicious site is designed to trick the user into divulging sensitive information – particularly username and passwords or banking information – or simply downloading and installing malware onto the computer to infect it.

Compared to phishing attacks – which means that emails sent to any random account – spear-phishing is a targeted attack. These kinds of emails are designed to appear to come from someone the recipient knows and trusts, and furthermore can even include a subject line tailored to the recipient’s personal interests.

Google’s actions to shut down phishing

As explained by Google’s director of counter-abuse technology, the search giant and email service provider has implemented a multilayer account protection strategy known as defense in depth. The first layer between phishers and Gmail accounts is an automated bulk filtering process. In fact, Google actually blocks up to 90% of emails before it even reaches the account.

Google also uses a measurement tool that it calls ‘sender reputation’ to determine whether the sender is a malicious account or legitimate. It also scans for bad links, before finally subjecting messages that pass the first layers of defense to more intense filtering. In the end, if it finds the email suspicious, you will likely find the email in the spam folder.

Additional tools

In addition to those described above, Google has other security measures that it provides to its users, but these are downloaded only by those are security aware. Firstly, there is Password Alert, a service that warns users they have typed their Gmail password into a fake login page, and secondly there is the Google Advanced Protection Program.

But before you start using either of these services there are some steps Google – just like any other internet security professional – recommends:

  • Create strong passwords.
  • Use unique passwords for every account.
  • Keep track of multiple passwords.
  • Activate two-step verification.

We all know that it is impossible to remember the unique passwords of hundreds of online accounts we all have, so for that – and to help create cryptographically secure passwords – use a password manager. Check out our reviews section to pick the one that suits your needs.


Best password managers of 2024

Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us