Every day, cyber criminals break into websites to steal usernames and passwords, and since so many of us re-use the same password across different accounts, stolen passwords from one site are often valid on others. With these passwords in hand, attackers can wreak havoc on our accounts.  

These days, hijacked accounts are nothing new, especially when it comes to services run through Google (News - Alert), which has seen a single attacker use stolen passwords to attempt to break into a million different accounts every single day, for weeks at a time, while another attacker attempted sign-ins at a rate of more than 100 accounts per second.  

In fact, Google’s security team has seen an increase of this trend in 2010, largely by spammers tired of dealing with spam filters and eager to make money with their own messages.  According to Google, more scams (illegal, fraudulent, or spammy content) come from someone you know today than compared to five years ago. In Gmail, less than one percent of spam emails make it into an inbox, and so unwanted messages are more likely to make it through if they come from someone you’ve been in contact with before.

So, Google’s security team has developed new ways to keep you safe, and has reduced the amount of these messages. Google now uses more than 120 signals to try and detect whether a log-in is legitimate, and has reduced the number of compromised accounts by 99.7 percent since the 2011 peak. Every time you sign in to Google, whether via a Web browser once a month or an email program that checks for new mail every five minutes, its system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you.

Additionally, if a sign-in is suspicious, Google asks simple questions about the account. For example, it may ask for the phone number associated with your account, or for the answer to your security question.

You can also help to protect your account by making sure you’re using a strong, unique password for your Google Account,upgrading your account to use 2-step verification, and updating the recovery options on your account. Following these quick steps means less spam for your contacts, as well as improved security and privacy for you.