Categories
Tech

Account hijackers

If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.

Google described their efforts to minimize harm to users due to email account hijacking:

“Our security team…saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to…detect whether a log-in is legitimate, beyond just a password.”

Less than 1% of spam emails make it into a Gmail inbox.

The number of compromised accounts decreased by 99.7% since 2011. That’s impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!

The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.

120 Signals

I suspect that Google’s methods are analogous to those used by the U.S. Department of Health & Human Services’ Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.

How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.

Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.

I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as statistician for ACCCHS, Arizona’s state-administered Medicaid/Medicare program, monitoring program performance and quality of care.

Categories
Tech

Why is Amazon Legal Dept accessing my Gmail again?

Activity on this account
This feature provides information about the last activity on this mail account and any concurrent activity. Learn more
This account does not seem to be open in any other location. However, there may be sessions that have not been signed out.

Categories
Tech

Minor mysteries of spam

Information overload has been one of my recent concerns. Spam certainly exacerbates the situation! I am spared the worst of spam, due to the minimal traffic on my websites, although I was treated to a glut of spam from around the world immediately after I posted that skateboard video a few months ago.