Incident Response, TDR

Attackers compromise email accounts using password recovery scam

Gmail, Hotmail and Yahoo Mail accounts are being compromised as part of a highly targeted social engineering scam involving text messages – and all the attackers need to pull it off is an email address and a mobile phone number.

Using Gmail as an example, Symantec's Slawomir Grzonkowski explained in a Tuesday post that an attacker goes to the login page, enters the target's email address, and then clicks the ‘Need help?' link meant for users who have forgotten their passwords.  

The attacker then chooses the option to text a verification code to the target's mobile phone, and sends a follow-up text message to the target explaining that unusual activity has been detected on the account and the target should respond with the verification code.

Responding enables access to the email account, and the attackers appear to be going after information, the post indicated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.