How Some Hacker Hack Victim's Gmail Account With the help of Their Phone Number !!!
We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a scarier.
Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers.
In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone’s email account password, all you actually need is their mobile number.
Here's How the Scam Works: Send a text from an unknown number to the victim’s phone, asking them to verify their account by replying with the verification code they are about to receive in order to ensure their Google account is secure, but in real the code is a password resets code. Send another text message containing an unlock code to the registered phone.
The victim receives the code with a text something like this: "This is Google. There has been unauthorized activity on your account. Please reply with your verification code."
How to save yourself from this email phishing attack?
This type of social engineering attack could be easily used to fool people as many email services rely on SMS verification to retrieve the forgotten password. But, the fact that’s worth noting is that companies like Google won’t send you an SMS asking for the password you received on your phone.
If you ever receive a message from ANY number that asks for your login id, password, any confirmation code or any other type of personal information, i advice you not to reply it and save yourselves from such fishing attacks.
We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a scarier.
Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers.
In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone’s email account password, all you actually need is their mobile number.
Here's How the Scam Works: Send a text from an unknown number to the victim’s phone, asking them to verify their account by replying with the verification code they are about to receive in order to ensure their Google account is secure, but in real the code is a password resets code. Send another text message containing an unlock code to the registered phone.
The victim receives the code with a text something like this: "This is Google. There has been unauthorized activity on your account. Please reply with your verification code."
How to save yourself from this email phishing attack?
This type of social engineering attack could be easily used to fool people as many email services rely on SMS verification to retrieve the forgotten password. But, the fact that’s worth noting is that companies like Google won’t send you an SMS asking for the password you received on your phone.
If you ever receive a message from ANY number that asks for your login id, password, any confirmation code or any other type of personal information, i advice you not to reply it and save yourselves from such fishing attacks.
0 comments: