Limit the occurrence of account hijacks with recovery phone number: Google

Recent research from Google reveals that users can enhance their online security by adding a recovery phone number to their respective accounts.

Google worked in tandem with New York University and The University of California, San Diego on a yearlong study where they researched ways to combat targeted attacks and other security challenges.

The team concluded the study by stating that during their research, simply adding a recovery phone number to the Google account can block up to 100% automated bots, 96% of phishing attacks and 66% of targeted attacks.

The research also looked at both – knowledge-based and device-based challenges.

For example, the knowledge-based challenge involved the search engine giant following up on suspicious sign-in attempts by asking for further proof of your identity through a secondary email address or a phone number. Another way to block hijacking of account is asking for your last sign-in location.


On the other hand, the device-based challenges involved texting codes to the user’s phone number, which are then entered online. According to the research, this method reduced targeted attacks by 76%.

Moreover, on-device prompts that appear on Android devices such as the method that asks for a security key remains to be one of the best ways to enhance security.

However, Google’s research also revealed that around 38% of users did not have access to their phone when challenged while 34% were unable to recall their secondary email address.



Google also found an emerging trend by the title of ‘hack for hire’ attacks. Through this method, the criminal group breaks into accounts for a fee of $750 and usually relies on phishing emails impersonated from family members, co-workers, government entities, and even Google.

To safeguard accounts, Google recommends users, especially those who fall into ‘high-risk’ targets category to sign up for the Advanced Protection Program.

"Just like buckling a seat belt, take a moment to follow our five tips to help keep your account secure." explained Google Security Team in a blog post. Adding further, "You can also help protect your non-Google accounts from third-party password breaches by installing the Password Checkup Chrome extension."

No comments:

Post a Comment