Emerging Threats

How a Gmail password stealing scam works

Authored by a Symantec employee


Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesn’t rely on otherwise easy-to-spot phishing methods. Here’s what you need to know to protect yourself from this email password stealing scam.

Who is affected?

Symantec researchers have found this scam largely targets Gmail, Hotmail, and Yahoo Mail users. However, everyone with an email account should be aware of how this scam works to avoid falling victim.

See how the scam works. In just a few quick steps, cybercriminals trick victims into disclosing email credentials.

How does the scam work?

To initiate this scam, cybercriminals need to know the email address and associated phone number of the user. Both of these contact details can often easily be obtained. With this information handy, an attacker can then capitalize on the password recovery feature that allows an email user to gain access to their account by a verification code sent to their mobile. In these quick steps, a cybercriminal can gain access and takeover an email account:

  1. An attacker obtains a victim’s email address and phone number – both of which are usually available.
  2. The attacker poses as the victim and requests a password reset from Google.
  3. Google sends the code to the victim.
  4. The attacker then texts a victim with a message, baiting them to share the verification code while posing as the email provider.
  5.  The victim passes the verification code on to the “email provider” unknowingly giving this information to the attacker.
  6. The attacker uses the verification code to reset the password, gaining access to the email account.

With access to the account, an attacker could lock out the victim. The attacker could also add an alternate email address to the account without the victim’s knowledge in order to forward copies of all messages sent to the address. Meanwhile, the victim would not know that their private messages are being intercepted.

How to help protect against 5 types of phishing scams

Phishing is like an online con game, and phishers are nothing more than tech-savvy con artists. Learn how to help protect yourself from them.

What is at risk?

With access to an email account an attacker can exploit personal details found in your inbox. Symantec researchers studying the attack have found that cybercriminals carrying out this scam are not usually after financial information, but gathering information about their targets.

How to avoid this scam

Be aware of suspicious SMS text messages asking about email verification codes. If you are unsure if a request is legitimate, contact the email service provider directly.

Also, keep in mind password best practices such as using a unique password across all accounts.

New discount! Save 50% on a Norton 360 Standard annual membership your first year.*

Don’t wait to get multiple layers of protection against today’s ever-evolving cyberthreats, at our newly discounted annual price of $39.99 your first year.*

*Terms apply.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.