With the increased intrusion of technology, the threats of security breaches into our internet-governed lives have increased manifold. Each day we get tons of spam messages, emails and phone calls from phishing attackers who want to get into our accounts and personal information. Along the same lines, today I’m going to tell you about a new type of social engineering that could easily help someone hack your email account.
The well-known security firm Symantec has warned people about a new password recovery scam that attackers are using to gain access to email accounts. The firm released a video on its YouTube channel to warn people about it and explain the simple tricks behind it. To hack your email account, the attacker just needs your email address and your mobile number, with no technical or coding skills whatsoever. The attack makes use of a process similar to the one mail services offer for retrieving a lost password, and thus affects all major mail providers.
Now let me explain to you in detail how this attack works:
How does this new email hack with the help of a phone number work?
To carry out this kind of phishing attack, being a true hacker or a genius isn’t a necessary condition. The attacker just has to click on Need Help? during the sign-in process.
Now the attacker will select the first option, saying I don’t know my password, and enter the email address of the victim.
Now he will send the victim a fake message asking for the verification code. And if the victim doesn’t realize that it’s a phishing scam, he/she sends the attacker the code.
So, in these simple steps, your email account is hacked using SMS.
Here is the video to show how this works:
How to save yourself from this email phishing attack?
This type of social engineering attack can easily be used to fool people, as many email services rely on SMS verification to retrieve a forgotten password. But the fact worth noting is that companies like Google won’t send you an SMS asking for the password you received on your phone.
If you ever receive a message from ANY number that asks for your login ID, password, any confirmation code or any other type of personal information, fossBytes advises you not to reply to it and to save yourselves from such phishing attacks.