If you are a Gmail user, be aware that Symantec has reported a recent spear-phishing attack aimed at Gmail users. The objective of the attack is to gain access to the victim's mail account, and to achieve this the hackers are using Gmail's own account recovery system.
Why Do Hackers Choose Gmail?
Gmail is generally considered secure, but if hackers can get information about the account directly from the user, hacking becomes simple, and in this case the hackers are using an approach that users easily fall for. To start the process the hacker only needs to know the victim's email address and phone number, and in these days of online networking finding both is not very difficult.
Does Adding a Phone Number Matter?
It is very common for Gmail users to add their phone number to their Gmail account so that they can easily recover their Gmail.com login password if they forget it. It works as an added layer of security in case of password loss. When a user actually forgets the password, they opt to have a verification code sent to their mobile number, and by entering that code they are able to set a new password for their Gmail account. A hacker who knows a user's Gmail ID enters the ID in the login form and asks Gmail to send the verification code to the registered mobile number, pretending to be the original user trying to access the account after forgetting the password.
The verification code is sent to the user's registered mobile number, which makes the user aware that something unusual is happening with the Gmail account, because he or she has not asked for the code. At about this time the user receives a message on the same number from the hacker, saying that a phishing attempt on the user's Gmail account has been recorded and that, to ensure its security, they need to know the verification code that has just been sent to this mobile number.
The hacker simply pretends to be a member of the Gmail security team and makes the whole thing so convincing that users easily fall for it. Once the hackers get the verification code, all they need to do to gain full access to your Gmail account is use the code to reset the account password.
In most of the observed cases, the hackers also text the new password back to the user, after setting up an alternate email account to which a copy of all the user's emails is automatically forwarded. Because the user does not lose the account and can still use the password for Gmail login, they hardly suspect that someone else may be reading all their emails, which makes the attack even more dangerous.
Users are therefore warned not to reply with the verification code to any number, even if the request seems fully authentic. The Gmail team never asks you for the verification code, so your security is in your own hands; be cautious and stay safe.
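The sequence described above (recovery code sent by SMS, password reset, forwarding address added) can be detected on the account side by correlating events per user within a short time window. The following is an added example, not code from this article or from Symantec; the event names, field names and sample events are constructed for illustration and do not represent a real Google log format.

```python
from datetime import datetime, timedelta

# Constructed sample events; schema and event names are hypothetical.
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "user": "alice@example.com", "event": "recovery_sms_sent"},
    {"ts": "2024-01-01T10:06:00", "user": "alice@example.com", "event": "password_reset"},
    {"ts": "2024-01-01T10:09:00", "user": "alice@example.com", "event": "forwarding_added",
     "target": "drop@example.net"},
    # Legitimate recovery: reset after SMS, but no forwarding change follows.
    {"ts": "2024-01-01T11:00:00", "user": "bob@example.com", "event": "recovery_sms_sent"},
    {"ts": "2024-01-01T11:03:00", "user": "bob@example.com", "event": "password_reset"},
    # Forwarding added with no preceding recovery: not this pattern.
    {"ts": "2024-01-02T09:00:00", "user": "carol@example.com", "event": "forwarding_added",
     "target": "carol@example.org"},
]

# The ordered steps of the takeover described in the article.
CHAIN = ("recovery_sms_sent", "password_reset", "forwarding_added")


def find_takeovers(events, window=timedelta(minutes=30)):
    """Return (user, forwarding target) where the full chain completes within `window`."""
    progress = {}  # user -> (index of next expected step, time the chain started)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        step, start = progress.get(ev["user"], (0, None))
        if step and ts - start > window:
            step, start = 0, None          # chain went stale, start over
        if ev["event"] == CHAIN[0]:
            step, start = 1, ts            # every recovery SMS (re)starts the chain
        elif step and ev["event"] == CHAIN[step]:
            step += 1                      # next expected step observed
        if step == len(CHAIN):
            hits.append((ev["user"], ev.get("target")))
            step, start = 0, None
        progress[ev["user"]] = (step, start)
    return hits


if __name__ == "__main__":
    for user, target in find_takeovers(EVENTS):
        print(f"possible takeover: {user} now forwards to {target}")
```

A hit means the account should have its forwarding settings and recovery options reviewed and its password changed again by the real owner.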