How a Gmail password stealing scam works
Authored by a Symantec employee
Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesn’t rely on otherwise easy-to-spot phishing methods. Here’s what you need to know to protect yourself from this email password stealing scam.
A security suite that helps protect your devices.
Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 10 of your devices.
Who is affected?
Symantec researchers have found this scam largely targets Gmail, Hotmail, and Yahoo Mail users. However, everyone with an email account should be aware of how this scam works to avoid falling victim.
See how the scam works. In just a few quick steps, cybercriminals trick victims into disclosing email credentials.
How does the scam work?
To initiate this scam, cybercriminals need to know the email address and associated phone number of the user. Both of these contact details can often easily be obtained. With this information handy, an attacker can then capitalize on the password recovery feature that allows an email user to gain access to their account by a verification code sent to their mobile. In these quick steps, a cybercriminal can gain access and takeover an email account:
- An attacker obtains a victim’s email address and phone number – both of which are usually available.
- The attacker poses as the victim and requests a password reset from Google.
- Google sends the code to the victim.
- The attacker then texts a victim with a message, baiting them to share the verification code while posing as the email provider.
- The victim passes the verification code on to the “email provider” unknowingly giving this information to the attacker.
- The attacker uses the verification code to reset the password, gaining access to the email account.
With access to the account, an attacker could lock out the victim. The attacker could also add an alternate email address to the account without the victim’s knowledge in order to forward copies of all messages sent to the address. Meanwhile, the victim would not know that their private messages are being intercepted.
What is at risk?
With access to an email account an attacker can exploit personal details found in your inbox. Symantec researchers studying the attack have found that cybercriminals carrying out this scam are not usually after financial information, but gathering information about their targets.
How to avoid this scam
Be aware of suspicious SMS text messages asking about email verification codes. If you are unsure if a request is legitimate, contact the email service provider directly.
Also, keep in mind password best practices such as using a unique password across all accounts.
Our best protection. One low price
Norton Security Premium helps protect up to 10 of your Windows PCs, Macs, Android smartphones or your iPads.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.