How to block hijacking attacks on your Google account
Securing your Google account against the vast majority of account hijacking attempts is as simple as adding a recovery phone number, new research by Google, New York University, and the University of California, San Diego shows.
The researchers discovered that the mere addition of a recovery phone number sufficed to block all (100%) automated bot attacks, nearly all (99%) untargeted phishing campaigns, and two-thirds (66%) of targeted attacks that took place within the time frame of the study. The research covered a whopping 350,000 hijacking attempts on 1.2 million Google account users.
In the absence of a recovery phone number, Google protects user accounts with knowledge-based questions. These usually still block bot attacks, but are not effective against phishing and targeted attacks, because threat actors can use social engineering to get victims to share information that will enable them to answer the questions.