Emerging Threats

How a Gmail password stealing scam works

Written by a NortonLifeLock employee


Jan. 18, 2018

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply

Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesn’t rely on otherwise easy-to-spot phishing methods. Here’s what you need to know to protect yourself from this email password stealing scam.

Who is affected?

Researchers have found this scam largely targets Gmail, Hotmail, and Yahoo Mail users. However, everyone with an email account should be aware of how this scam works to avoid falling victim.

How does the scam work?

To initiate this scam, cybercriminals need to know the email address and associated phone number of the user. Both of these contact details can often easily be obtained. With this information handy, an attacker can then capitalize on the password recovery feature that allows an email user to gain access to their account by a verification code sent to their mobile. In these quick steps, a cybercriminal can gain access and takeover an email account:

  1. An attacker obtains a victim’s email address and phone number – both of which are usually available.
  2. The attacker poses as the victim and requests a password reset from Google.
  3. Google sends the code to the victim.
  4. The attacker then texts a victim with a message, baiting them to share the verification code while posing as the email provider.
  5.  The victim passes the verification code on to the “email provider” unknowingly giving this information to the attacker.
  6. The attacker uses the verification code to reset the password, gaining access to the email account.

With access to the account, an attacker could lock out the victim. The attacker could also add an alternate email address to the account without the victim’s knowledge in order to forward copies of all messages sent to the address. Meanwhile, the victim would not know that their private messages are being intercepted.

How to help protect against 5 types of phishing scams

Phishing is like an online con game, and phishers are nothing more than tech-savvy con artists. Learn how to help protect yourself from them.

What is at risk?

With access to an email account an attacker can exploit personal details found in your inbox. Symantec researchers studying the attack have found that cybercriminals carrying out this scam are not usually after financial information, but gathering information about their targets.

How to avoid this scam

Be aware of suspicious SMS text messages asking about email verification codes. If you are unsure if a request is legitimate, contact the email service provider directly.

Also, keep in mind password best practices such as using a unique password across all accounts.

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.