Security firm Symantec is warning us about a new scam wherein vicious minds are tricking users into handing over access to their webmail accounts. The attack devised by the hackers requires only an email address and the associated phone number to pull off. This new scam affects all popular webmail services, including Gmail, Outlook, and Yahoo, among others.
In what is a perfect demonstration of a social engineering attack, the culprits request a password reset on the victim’s account and then trick the victim into handing over the reset code. This is how they initiate the attack, and you should take careful note of it.
First up, a fraudster poses as the victim and requests a password reset. Of course, they don’t have access to your mobile phone, to which the email provider will send the password reset link. But our fraudster does it anyway, and not without reason.
Our fraudster then sends a text message to the victim, posing as the email provider, informing them that the company has detected some unauthorized activity in their account. Furthermore, the vicious mind asks the victim to confirm their rightful ownership by forwarding the code they received from the company. One has to say that a lot of thinking has been put into this attack, and we can see why an average Joe would not hesitate to send away the details.
The horror matinee doesn’t end there. You need to realize that once your webmail account is compromised, it is just the beginning of a cascade of other attacks that are likely to ensue. You see, your webmail account is linked to your social media accounts, bank accounts, and other email accounts. Getting into this one account is just the beginning of what could end up as your worst nightmare.
So what should you do? It’s actually pretty simple. If you ever receive such a text, do not respond to it. Log in to your account and confirm that everything is okay.