Every day scammers come up with new techniques to steal personal information and other sensitive data. Today we look at a new social engineering technique used in the wild by crooks that allows them to hack into an email account by simply knowing the victim’s phone number.
Security experts at Symantec are warning people about a new password recovery scam that tricks users into giving attackers control of their webmail account. All an attacker needs to take over a webmail account is the victim’s email address and cell phone number.
“The cybercriminals carrying out these attacks do not seem to be focused on financial gain such as stealing credit card numbers. They appear to be looking to gather information about their targets and are not targeting users en masse, instead going for specific individuals. The way they operate is similar to the methods used by APT groups.” states Symantec.
Symantec published a video explanation of how this social engineering technique works:
Let’s analyze the attack scenario:
“Legitimate messages from password recovery services will only tell you the verification code and will not ask you to respond in any way.” explains Symantec.
Since the password recovery process is much the same across several mail services, this new password recovery scam could be used to hack into a number of popular webmail services, including Gmail, Yahoo, and Outlook.
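Symantec's rule quoted above (a legitimate recovery message delivers a code and never asks for a reply) can be turned into a simple inbound-SMS check. The Python below is an added example, not code from Symantec or the original article; the function names, keyword lists and sample messages are constructed assumptions.

```python
import re

# Verbs that ask the recipient to send something back (assumed keyword list).
REPLY_VERB = re.compile(
    r"\b(reply|respond|text\s+(?:us\s+)?back|send\s+(?:us|it|back)|forward)\b", re.I)
# The word "code" or a standalone 4-8 digit number counts as a code mention.
CODE_WORD = re.compile(r"\bcode\b|\b\d{4,8}\b", re.I)
# Negations, so that "do not reply to this message" is not read as a request.
NEGATION = re.compile(r"\b(do\s+not|don['’]t|never|no\s+need\s+to)\b", re.I)
SENTENCE_END = re.compile(r"[.!?;]+\s+|\n+")


def asks_for_reply(sentence):
    """True if a reply verb appears with no negation earlier in the sentence."""
    return any(NEGATION.search(sentence[:m.start()]) is None
               for m in REPLY_VERB.finditer(sentence))


def classify_sms(text):
    """Return 'suspicious', 'code-only' or 'other' for one SMS body.

    'suspicious' : mentions a code AND asks the recipient to send it back,
                   which a legitimate recovery message never does.
    'code-only'  : mentions a code and makes no reply request.
    'other'      : no code mentioned at all.
    """
    sentences = [s for s in SENTENCE_END.split(text) if s.strip()]
    mentions_code = CODE_WORD.search(text) is not None
    wants_reply = any(asks_for_reply(s) for s in sentences)
    if mentions_code and wants_reply:
        return "suspicious"
    return "code-only" if mentions_code else "other"


# Constructed sample messages, not captured from any real service or campaign.
SAMPLES = [
    "Your verification code is 529312",
    "Your verification code is 481516. Do not share this code or reply to this message.",
    "We detected unusual activity on your account. Please respond with the code "
    "sent to your mobile device to stop unauthorized activity.",
    "Running late, see you at 7",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(f"{classify_sms(body):10} | {body}")
```

This is a keyword heuristic for triage or user warnings; it checks negation per sentence only and will miss requests phrased without the listed verbs.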
(Security Affairs – cybercrime, password recovery scam)