Gmail now warns users of suspicious account activity
Google sounds new alert when accounts may have been hijacked
Computerworld - Google today added an alert to Gmail that warns users of the Web mail service when their account may have been hijacked.
Using several criteria -- including plotting the Internet protocol (IP) address of each successful log-on -- Google determines whether to sound the alarm, which pops up at the top of a user's account and reads "Warning: We believe your account was last accessed from..." along with the location associated with the log-on.
If an account is accessed from one country, then again a few hours later from a different country, Google would likely sound the alarm. The assumption: The multiple and geographically divergent log-ons would be a clue that the account had been hacked, and was now being used to send spam, spread scams or distribute malware.
"It's actually much more sophisticated than that," said Will Cathcart, a Gmail product manager. "If we determine that an IP down the block [from you] has logged into your account, and has recently logged into lots and lots of accounts, we'll display the warning."
Cathcart declined to reveal details of the other factors that Google takes into account when deciding whether to trigger an access alert, saying only that the IP locating criteria was "a data point that most users can easily understand."
The idea is to give users more information about activity on their Gmail accounts, Cathcart said. "This is an evolution of what we've done for some time," he said, referring to the account activity records that users have been able to view since mid-2008. "We've been doing a lot of compromised account detection work, and we wanted to give users information about why we think an account may be compromised. This way, we reach out to a lot more users, because we don't need to be 100% certain that an account [has been hijacked] before we block it. Now we can be just 99% sure, and give the users the information so they can take action."
Cathcart claimed that the problem of Gmail account hijacking affected only a "very very small number" of users. But for those whose accounts are hijacked, it's "a really painful problem, even if all the hijackers do is send spam."
He sidestepped a question about whether the new alert would have helped Chinese human rights activists whose accounts were compromised. Last January, Google cited activity directed against those accounts, as well as attacks on its corporate network, when it announced it would no longer censor the search results of its Chinese engine. "I wouldn't want to say which accounts would have been warned, but in general, when people have their accounts compromised, we would love to be able to warn them," Cathcart said.
Google will roll out the feature to Google Apps at some later point, the company added in a post to the Gmail blog today.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Chrome users attack Google for zapping unsanctioned Windows add-ons
- Google postpones add-on 'kill switch' for Chrome on Windows
- Google yanks option to restore Chrome's old-style new tab page, riles users all over again
- Google's 3D tech could be boon to Glass, robots and virtual reality
- Google bots are coming!
- Antitrust deal leaves Google unscathed
- Google agrees to give equal prominence to rivals' services to settle EU antitrust case
- Lenovo-Moto deal's impact on Apple? Zip
- With Motorola sold, Google can focus on robots, Glass and smart homes
- Google is developing a smart contact lens
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts