phishing scams

It's the era of 2-way verification code to protect users from hackers getting into their account. Email services like Gmail and Yahoo have adopted this method of login to protect email users. 

But cybercriminals might have devised a method to bypass this method and get into users email account, just by knowing their email account and phone number. This type of social engineering will trick you into giving your account to the wrong hand. The hacker does not need a coding skill or any special technical skill.

             

This phishing scam can affect gmail, outlook or yahoo email services since they all use the same method for both login or password recovery. The phishing scam is labelled password recovery scam.

The Password Recovery Scam

The user logs into the email service and click on forget password just like you would do if you "forget my password". Though there are several methods for recovery, but the attacker will select the SMS method, allowing your email service provider send you a code via SMS. 

When the soon-would-be-victim get an unexpected text message from their email provider, it is time for the next step for the hacker. He will send the victim another text in this format.

   This is Google. There has been unauthorized activity on your account. Please reply with your verification code.

             

Please note that the statement above can be in any format, don't expect same format. The attacker sends the message from his own phone, pretending to be the email provider. 

If you don't know and reply the hacker with your verification code, the hacker can change your password immediately and have a complete control of your account.

How To Avoid Password Recovery Scam

1. Ignore all unsolicited messages, report the number to the police.

2. Email services never needs you to send your code, they send you the code, why ask you again. Be Smart

Watch Video to learn more: