We have all been receiving spam phone calls and messages on an almost daily basis from scammers who want to pilfer our money and personal information, but a new type of social engineering hack that uses just your mobile number to trick you is a little scarier.
Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers.
To get into your email account, an attacker does not need any coding or technical skills. All an attacker needs is the email address in question and your cell phone number.
Since the password reset process is almost the same across all mail services, this new password recovery scam affects all popular webmail services, including Gmail, Yahoo, and Outlook, among others.
Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone’s email account password, all you actually need is their mobile number.
Here's How the Scam Works:
Send a text from an unknown number to the victim’s phone, asking them to verify their account by replying with the verification code they are about to receive in order to ensure their Google account is secure, when in reality the code is a password reset code.
Send another text message containing an unlock code to the registered phone.
The victim receives the code with a text something like this: "This is Google. There has been unauthorized activity on your account. Please reply with your verification code."
As soon as the victim responds with the verification code, the email address is forfeited, and the attacker can log into the victim’s Gmail account without detection.
This social engineering trick sounds so easy and requires almost no technical skills to get into anyone’s email account.
Of course, the untrained mind could easily fall victim to the text asking for a response. But, as Symantec says, "Legitimate messages from password recovery services will only tell you the verification code and will not ask you to respond in any way."
The workaround is not to fall victim to such scams and to always examine the messages you receive.
Most of us reply to unknown phone calls and messages thinking they are from the company, as receiving messages and phone calls from companies is not uncommon.
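Symantec's rule quoted above (a genuine recovery message only states the code and never asks for a reply) can be turned into an inbox check that also looks for a real code arriving close in time to the request. The following Python is an added example, not code from Symantec or from this article; the regular expressions, the 10-minute window, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Wording that asks the recipient to send a code back (the tell Symantec describes).
REPLY_REQUEST = re.compile(
    r"\b(reply|respond|text back)\b.{0,60}\b(code|pin|otp)\b",
    re.IGNORECASE | re.DOTALL,
)
# A message that delivers a code: a standalone 4-8 digit number (assumed format).
CODE_DELIVERY = re.compile(r"(?<!\d)\d{4,8}(?!\d)")
WINDOW = timedelta(minutes=10)  # assumed correlation window

SAMPLE = [  # constructed inbox; senders and times are made up
    {"time": datetime(2015, 6, 1, 9, 0), "sender": "+15550100",
     "body": "This is Google. There has been unauthorized activity on your "
             "account. Please reply with your verification code."},
    {"time": datetime(2015, 6, 1, 9, 2), "sender": "22000",
     "body": "Your Google verification code is 482913"},
    {"time": datetime(2015, 6, 3, 18, 30), "sender": "+15550123",
     "body": "Lunch tomorrow at 12?"},
]


def classify(messages):
    """Return one verdict per message, in input order.

    'likely-scam': asks for a code reply and a real code arrived within WINDOW
    'suspicious' : asks for a code reply, no code delivery seen nearby
    'code'       : delivers a code and asks for nothing
    'other'      : anything else
    """
    deliveries = [m["time"] for m in messages
                  if CODE_DELIVERY.search(m["body"])
                  and not REPLY_REQUEST.search(m["body"])]
    verdicts = []
    for m in messages:
        if REPLY_REQUEST.search(m["body"]):
            near = any(abs(t - m["time"]) <= WINDOW for t in deliveries)
            verdicts.append("likely-scam" if near else "suspicious")
        elif CODE_DELIVERY.search(m["body"]):
            verdicts.append("code")
        else:
            verdicts.append("other")
    return verdicts


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(f"{verdict:12} {msg['sender']:12} {msg['body'][:50]}")
```

The pattern match is a heuristic: a reworded request will slip past it, so the check supports the habit of reading each message and does not replace it.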