How a Gmail Password Stealing Scam Works

Jun 3, 2016 | Security

used with permission from Norton by Symantec

Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesn’t rely on otherwise easy-to-spot phishing methods. Here’s what you need to know to protect yourself from this email password-stealing scam.

Who is affected?

Symantec researchers have found this scam largely targets Gmail, Hotmail, and Yahoo Mail users. However, everyone with an email account should be aware of how this scam works to avoid falling victim.

See how the scam works. In just a few quick steps, cybercriminals trick victims into disclosing email credentials.


How does the scam work?

To initiate this scam, cybercriminals need to know the email address and associated phone number of the user. Both of these contact details can often easily be obtained. With this information handy, an attacker can then capitalize on the password recovery feature that allows an email user to regain access to their account with a verification code sent to their mobile. In these quick steps, a cybercriminal can gain access and take over an email account:

1. An attacker obtains a victim’s email address and phone number – both of which are usually available.

2. The attacker poses as the victim and requests a password reset from Google.

3. Google sends the code to the victim.

4. The attacker, posing as the email provider, then texts the victim with a message baiting them into sharing the verification code.

5. The victim passes the verification code on to the “email provider,” unknowingly giving this information to the attacker.

6. The attacker uses the verification code to reset the password, gaining access to the email account.

With access to the account, an attacker could lock out the victim. The attacker could also add an alternate email address to the account without the victim’s knowledge in order to forward copies of all messages sent to the address. Meanwhile, the victim would not know that their private messages are being intercepted.
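
A defender-side view of the sequence above, as an added example that is not part of the original article: a small Python check that flags an SMS-code password reset from an address with no earlier successful login when it is followed by an alternate or forwarding address being added. The event names, log schema and sample records are constructed for illustration and do not reflect any provider's actual audit log format.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, account, event, source IP).
# Hypothetical schema and event names, not a real provider's log format.
EVENTS = [
    ("2016-06-01T09:00:00", "alice@example.com", "login_ok", "198.51.100.7"),
    ("2016-06-02T14:00:00", "alice@example.com", "sms_reset_requested", "203.0.113.50"),
    ("2016-06-02T14:06:00", "alice@example.com", "sms_reset_completed", "203.0.113.50"),
    ("2016-06-02T14:09:00", "alice@example.com", "alternate_email_added", "203.0.113.50"),
    ("2016-06-01T08:00:00", "bob@example.com", "login_ok", "192.0.2.10"),
    ("2016-06-03T10:00:00", "bob@example.com", "sms_reset_requested", "192.0.2.10"),
    ("2016-06-03T10:02:00", "bob@example.com", "sms_reset_completed", "192.0.2.10"),
]

# Account changes the article describes an attacker making after takeover.
FOLLOW_UP = {"alternate_email_added", "forwarding_enabled"}

def find_suspicious_resets(events, window=timedelta(hours=24)):
    """Flag accounts where an SMS-code reset from an IP with no prior successful
    login is followed, within `window`, by an alternate/forwarding address change."""
    known_ips = {}    # account -> IPs seen in successful logins so far
    open_resets = {}  # account -> (time, ip) of the latest reset from an unknown IP
    alerts = []
    for ts, account, kind, ip in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if kind == "login_ok":
            known_ips.setdefault(account, set()).add(ip)
        elif kind == "sms_reset_completed":
            if ip not in known_ips.get(account, set()):
                open_resets[account] = (when, ip)
            else:
                open_resets.pop(account, None)  # reset from a familiar address
        elif kind in FOLLOW_UP and account in open_resets:
            reset_time, reset_ip = open_resets[account]
            if when - reset_time <= window:
                minutes = int((when - reset_time).total_seconds() // 60)
                alerts.append({"account": account, "reset_ip": reset_ip,
                               "change": kind, "minutes_after_reset": minutes})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_resets(EVENTS):
        print(alert)
```
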

What is at risk?

With access to an email account, an attacker can exploit personal details found in your inbox. Symantec researchers studying the attack have found that cybercriminals carrying out this scam are not usually after financial information, but are gathering information about their targets.

How to avoid this scam

Be aware of suspicious SMS text messages asking about email verification codes. If you are unsure if a request is legitimate, contact the email service provider directly.

Also, keep in mind password best practices such as using a unique password for each of your accounts.