Using a strong password without recycling it on different accounts, exchanging personal information only on encrypted sites, keeping your software up to date: these tried-and-true tips have never been more important for staying safe online. But this Safer Internet Day, we wanted to give some insight into how our systems help keep you safe, automatically—on Google and beyond. No switches to flip or buttons to click, these protections always have your back.
Outsmarting phishing to protect your Google Account
Sometimes, email may look like it came from someone you trust, but it might be a wolf in sheep’s clothing. This spammy message is trying to phish you—trick you into giving away your personal information—and then hijack your account.
Luckily, we’ve built lots of smart armor into Gmail to automatically zap scammy messages before you ever see them. Our systems anonymously examine thousands of signals across all of Gmail—where a message originated, to whom it’s addressed, how often the sender has contacted the recipient in the past—to determine which messages are safe, and which ones aren’t. We then filter the vast majority of this nasty stuff out; the average Gmail inbox contains less than 0.1 percent spam.
Still, across the internet, the bad guys can be pretty clever. For example, a fraudster could steal your username and password because you accidentally shared them on an especially deceptive scam site. But, even if attackers have your credentials, our systems are still able to block them and keep your account safe, something we did hundreds of millions of times in 2016. That’s because we aren’t just making sure you’ve typed the right password. We also look for subtler signals to confirm the sign-in doesn’t look funky: Are you using the same device that you usually use? Are you in a familiar location, or somewhere far away that you haven’t been to before? We want to make sure the sign-in attempt doesn’t resemble other concerning sign-in patterns that may be on our radar at any given time.
The secret sauce is the systems that detect these subtler signals—clues—billions and billions of times every day to help paint the picture of a safe log-in. Think of these like Sherlock Holmes’ magnifying glass…if it were powered by a few data centers. The clues scammers may not even know they’re leaving behind help us inspect each new log-in attempt and compare it with the picture of a safe log-in that our systems have painted based on billions and billions of other log-ins. If something looks fishy, we’ll require more verifications designed to thwart bad guys, send notifications to your phone, or email you so you can quickly act on anything that looks unfamiliar.
On the web, on Android: we’ve got you covered
We use similar security tools to help make the web and a huge variety of Android apps and devices safer too.
For example, have you ever clicked a link and seen a red warning, like this? That’s Safe Browsing at work, strongly suggesting you should avoid visiting a site because it probably contains “badness,” like malware or a phishing trap. Similar to the way we crawl the web to deliver search results, Safe Browsing crawls for bad stuff that might be harmful to you or your device. It’s always hard at work: We show tens of millions of Safe Browsing warnings every week on more than 2 billion devices, across a variety of web browsers.
For our Android users, we developed an “app analyzer” that builds on Safe Browsing’s technology to specifically hunt for dangerous Android apps, wherever they may be, and warn you before you install one. If an app doesn’t pass the app analyzer test, it won’t be allowed in Google Play. An additional protection, Verify Apps, runs directly on Android devices, proactively checking more than 6 billion apps and 400 million devices every day. It checks in when you install an app, returns frequently to make sure everything looks safe, and if something is amiss, can remove the app from afar.
Detecting the obvious badness—sites well-known for phishing scams, ransomware that locks your device until you pay a fraudster—is relatively easy. But the stealthier badness is only detectable by measuring billions of signals across sites and apps. If this sounds similar to the way we approach spam protections on Gmail or suspicious logins into Google, that’s because it is! The ability to understand badness on a large scale enables us to find the clues bad guys don’t even know they were leaving behind.
We have a responsibility to keep you safe on Google, and help make the web more secure as well. We’re constantly improving our automatic protections, but we want to give you the controls to adjust your security settings as well. With that in mind, celebrate Safer Internet Day by taking our two-minute Security Checkup to protect your account and adjust your security settings. You can also learn more about other ways to keep your Google Account secure at privacy.google.com.