Password Recovery Scam – how to hack a Gmail account

Security experts at Symantec are warning about a new password recovery scam targeting Gmail users worldwide mainly for intelligence gathering.

Every day scammers propose new techniques to steal personal information and other sensitive data. Today we will speak of a new social engineering technique used in the wild by crooks that allows them to hack into an email account by simply knowing the victim’s phone number.

Security experts at Symantec are warning people about a new password recovery scam that tricks users into giving attackers control of their webmail account. All an attacker needs to take over a webmail account is the victim’s email address and cell phone number.

“The cybercriminals carrying out these attacks do not seem to be focused on financial gain such as stealing credit card numbers. They appear to be looking to gather information about their targets and are not targeting users en masse, instead going for specific individuals. The way they operate is similar to the methods used by APT groups.” states Symantec.

Symantec published a video explanation of how this social engineering technique works:

Let’s analyze the attack scenario:

  • The victim has registered his mobile phone number with Gmail, so that if he forgets his password Google sends him an SMS verification code that lets him regain access to his account.
  • The attacker knows only the victim’s email address and phone number. He visits the Gmail login page, enters the victim’s email address and then clicks on the “Need help?” link, which Gmail offers to users who have forgotten their login credentials.
  • Users are given several options to recover their forgotten credentials, including “Enter the last password you remember” and “Confirm password reset on my [MAKE AND MODEL] phone.” The attacker chooses “Get a verification code on my phone: [MOBILE PHONE NUMBER].”
  • Google sends an SMS message containing a six-digit verification code to the victim’s phone.
  • The victim receives a message saying “Your Google Verification code is [SIX-DIGIT CODE].”
  • The attacker then sends the victim an SMS message saying something like “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.”
  • The victim, believing the message comes from Google’s legitimate password recovery service, replies to the attacker’s number with the verification code.
  • The attacker then uses the code to obtain a temporary password and gains access to the victim’s email account.

Experts at Symantec highlight that legitimate password recovery messages never ask users to reply to the SMS text.

“Legitimate messages from password recovery services will only tell you the verification code and will not ask you to respond in any way.” explains Symantec.

Since the password recovery process is almost identical across several mail services, this new password recovery scam could be used to hack into a number of popular webmail services including Gmail, Yahoo, and Outlook.
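The one reliable tell Symantec gives is that a genuine code-delivery SMS never asks the recipient to reply. The following Python snippet is an added example written for this article, not code from Symantec, Google or any webmail provider: it turns that tell, plus two weaker signals (an urgency claim and a brand name), into a small triage function and runs it over constructed sample messages. Because the recovery flow is the same across providers, the check is deliberately brand-agnostic. The regular expressions, the label strings and the sample texts are this example’s own assumptions.

```python
import re
from dataclasses import dataclass, field

# Heuristics constructed for this example. They encode the single tell the article
# reports (a genuine code-delivery SMS never asks for a reply) plus two weaker
# signals, and they are brand-agnostic so the same check covers any webmail provider.
CODE_RE = re.compile(r"\b\d{4,8}\b")
# A verb asking for a response, followed within the same sentence by a code-like noun.
REPLY_FOR_CODE_RE = re.compile(
    r"\b(?:reply|respond|send|text)\b[^.!?]{0,40}\b(?:code|pin|otp|password)\b", re.I)
URGENCY_RE = re.compile(
    r"\b(?:unusual activity|unauthori[sz]ed|suspended|locked|immediately)\b", re.I)
BRAND_RE = re.compile(r"\b(?:google|gmail|yahoo|outlook|microsoft)\b", re.I)


@dataclass
class Verdict:
    label: str                      # one of the three label strings used below
    reasons: list = field(default_factory=list)


def classify_sms(text: str) -> Verdict:
    """Triage one SMS body into a verdict plus the signals that fired."""
    has_code = bool(CODE_RE.search(text))
    asks_for_code = bool(REPLY_FOR_CODE_RE.search(text))
    urgent = bool(URGENCY_RE.search(text))
    brand = bool(BRAND_RE.search(text))

    if asks_for_code:
        # The decisive signal: a message that wants a code sent back is never a
        # legitimate recovery message, whatever else it says.
        reasons = ["asks recipient to send back a code"]
        if urgent:
            reasons.append("pressures recipient with an urgency claim")
        if brand:
            reasons.append("invokes a webmail brand name")
        return Verdict("suspicious_reply_request", reasons)

    if has_code:
        # The legitimate shape: it states a code and asks for nothing in return.
        return Verdict("verification_code_delivery", ["contains a code, requests no reply"])

    return Verdict("other", [])


# Constructed sample messages; the first two mirror the exchange the article describes.
SAMPLE_MESSAGES = [
    "Your Google Verification code is 482913.",
    "Google has detected unusual activity on your account. Please respond with the code "
    "sent to your mobile device to stop unauthorized activity.",
    "Reply STOP to unsubscribe from these alerts.",
    "Your Outlook security code is 7731. Do not share it with anyone.",
]


def run_samples() -> list:
    """Return the label assigned to each constructed sample, in order."""
    return [classify_sms(m).label for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        v = classify_sms(msg)
        print(f"{v.label:28s} {'; '.join(v.reasons) or '-'}  <- {msg[:50]}")
```

The reply-request pattern requires the request verb and the code noun to sit in the same sentence, so a routine "Reply STOP to unsubscribe" is not flagged, while "Do not share it with anyone" in a genuine code message is left alone because it asks for no reply at all. A user-facing warning built on this could fire on the attacker’s follow-up text regardless of which provider’s name it borrows.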


Pierluigi Paganini

(Security Affairs –  cybercrime, password recovery scam)