The victim receives a text asking whether they’ve requested a password reset for their Gmail account and, if not, to reply with the word ‘STOP’.
It is easy to see how employees could respond without thinking. If someone isn’t aware of these kinds of tactics, it would be natural to assume that a ‘STOP’ response would do the trick.
Not so. Next, the victim receives another text with a 6-digit numerical code. The text says to send the code to prevent the account password from being changed.
Of course, now we know what is really happening. The scammer has requested a password change on the victim’s account, so a code is sent to the real account owner. It supposedly verifies that the owner really wanted to change the password. By sending that code back to the attacker, the victim lets the scammers complete the password change. With that, they have access to the account and all the email.
So please tell all your family, friends and co-workers:
“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.
Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.
Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”
Finally, it’s really hard to stay ahead of all the latest scams, and the Gmail scam is just one example. This Gmail scam illustrates how easy it is to use “trust” in a brand to get people to react without thinking. Being proactive can help your employees spot these potential traps. Training and awareness are part of a solid IT support plan… all part of finding IT Peace of Mind.