Gmail/Yahoo password recovery scam targets providers

There's a targeted social engineering scam that allows hackers to get password access to your gmail, yahoo, or hotmail accounts (or any other account that uses SMS-based password recovery). This scam relies on the attacker knowing both the victim's email and cell number, which makes it especially applicable to providers since they often make both these things public.

It is particularly insidious because it includes an official text from gmail/yahoo/etc, so unlike most phishing scams it can more easily pass the "smell test" and get people to respond and expose their account to the attacker. When the scammer gets access to your account, they can temporarily send emails from you, and permanently set up forwarding so they can read all your email even if you change your password. We've had a couple instances over the past year at TF of hackers creating fake provider profiles with verified email addresses, that were likely caused by this scam.

Basically the way it works is that you get a text from the hacker saying "Suspicious activity on your account. Please text back with your gmail reset code that we are sending to your recovery phone". This is followed immediately by an official legitimate text from gmail containing the reset code.

Full description of the scam here:
http://www.symantec.com/connect/blog...account-access
https://www.grahamcluley.com/2015/06...ccount-mobile/
There's a targeted social engineering scam that allows hackers to get password access to your gmail, yahoo, or hotmail accounts (or any other account that uses SMS-based password recovery). This scam relies on the attacker knowing both the victim's email and cell number, which makes it especially applicable to providers since they often make both these things public.

It is particularly insidious because it includes an official text from gmail/yahoo/etc, so unlike most phishing scams it can more easily pass the "smell test" and get people to respond and expose their account to the attacker. When the scammer gets access to your account, they can temporarily send emails from you, and permanently set up forwarding so they can read all your email even if you change your password. We've had a couple instances over the past year at TF of hackers creating fake provider profiles with verified email addresses, that were likely caused by this scam.

Basically the way it works is that you get a text from the hacker saying "Suspicious activity on your account. Please text back with your gmail reset code that we are sending to your recovery phone". This is followed immediately by an official legitimate text from gmail containing the reset code.

Full description of the scam here:
http://www.symantec.com/connect/blog...account-access
https://www.grahamcluley.com/2015/06...ccount-mobile/ Originally Posted by trustedfling
You gotta watch out for hackers.Adult sites target for scam and problems.
Just PM me your password and email and I will make it hacker proof.