Other measures include exchanging personal information only on encrypted sites, and keeping your software up to date with the latest patches - these tried-and-true tips have never been more important and effective. Take our two-minute Security Checkup to protect your account and adjust your security settings, and learn more about other ways to keep your Google Account secure at privacy.google.com.
But this Safer Internet Day, we wanted to give some insight into how our systems protect you automatically - on Google and beyond. No switches to flip or buttons to click, just the stuff that happens in the background that keeps you protected around the clock while you go about your day.
Outsmarting phishing to protect your Google Account
|Spam emails take advantage of your trust in friends and businesses to try and steal your username and password|
Luckily, we’ve built lots of smart armour into Gmail that helps to block dodgy messages before you ever see them. Our systems anonymously examine thousands of signals on Gmail - where a message originated, to whom it’s addressed, what’s contained in the message, how often the sender has contacted the recipient in the past - to determine which messages are safe, and which ones aren’t. We then filter the vast majority of this nasty stuff out; the average Gmail inbox contains less than 0.1 percent spam.
Even that’s not enough, though, because the bad guys can be pretty clever. For example, a fraudster could steal your username and password because you accidentally shared them on an especially deceptive scam site. But even if attackers have your credentials, our systems are still able to block them and keep your account safe - something we did hundreds of millions of times in 2016. That's because we aren’t just making sure you’ve typed the right password.
We also look for subtler signals to confirm the sign-in is you and not someone else: Are you using the same device that you usually use? Are you in a familiar location, or somewhere far away that you haven’t been to before? Scammers leave behind a trail of clues that help us inspect each log-in attempt and compare it with the picture of a safe log-in that our systems have painted based on billions and billions of other log-ins. If something looks fishy, we’ll require more verifications designed to thwart bad guys, send notifications to your phone, or email you so you can quickly act on anything that looks unfamiliar.
On the web, on Android: we've got you covered
We use similar security tools to help make the web and a huge variety of Android apps and devices safer, too.
For example, have you ever clicked a link and seen a red warning, like this one below?
A Safe Browsing warning: red means stop!
For our Android users, we developed an “app analyzer” that builds on Safe Browsing’s technology to specifically hunt for dangerous Android apps, wherever they may be, and warn you before you install one. If an app doesn’t pass the app analyzer test, it’s not be allowed in Google Play.
Detecting the obvious badness — sites well-known for phishing scams, ransomware that locks your device until you pay a fraudster — is relatively easy. But the stealthier badness is only detectable by measuring billions of signals across sites and apps. If this sounds similar to the way we approach spam protections on Gmail or suspicious logins into Google, that’s because it is! The ability to understand badness on a large scale enables us to find the clues bad guys didn’t even know they were leaving behind.
We have a responsibility to keep you safe on Google, and help make the web more secure as well. We’re constantly improving our automatic protections, but we want to give you the controls to adjust your security settings as well.
Don't forget to take our Security Checkup and learn more about other ways to keep your Google Account secure at privacy.google.com, and happy Safer Internet Day!