Two-step verification protects users against account takeover. A person who wants to log in to Gmail or another service must confirm that he is the owner of the profile: to do this, he enters the SMS code sent to the registered phone number. In this way, we can guarantee that even if our password is leaked, a criminal who has not also taken over the smartphone will achieve little as long as two-step verification is enabled.
Internet scammers, however, try to get around it. “A Twitter user has encountered and published a pretty clever attempt to obtain from him an SMS code to confirm the login to the Gmail account,” warns the portal Trusted Third Party.
This is the most CLEVER phishing scam I’ve ever encountered and for a second it almost got me.
Here’s how it works: they ask you to send them the password reset code they have requested gmail send to you, claiming it will stop someone’s access but in fact it just lets them in. pic.twitter.com/OUCbw4BmqU
— Tiller, but BLFC soon (@_thp) March 31, 2018
The scam starts with the victim's login and password. But even with this data, the criminal’s path is blocked by two-step verification. How does he try to get around it? The cybercriminal must know the victim’s telephone number. He then sends a message about an alleged attempt to change the password of the Google account. In it he writes that if the user has no intention of resetting the password, he must reply with “STOP”. Assuming the victim responds, the next message is sent by the real Google.
It contains a six-digit verification code; in the meantime the criminal is trying to log in to Gmail. After a while he sends another message, again impersonating Google, asking for the code that was just received, which will supposedly stop the password reset process. An unsuspecting person may pass on the verification code and ... let the criminal into his own mailbox.
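A defender-side sketch of the message sequence described above, added here as an example and not taken from the original article: it labels inbound SMS bodies and flags any request to send a code back that arrives shortly after a real one-time code. The keyword patterns, the 15-minute window and the sample messages are assumptions constructed for illustration.

```python
import re

# Six-digit one-time code, as described in the article.
CODE_RE = re.compile(r"\b\d{6}\b")
# Wording that asks the recipient to send something back (assumed keyword set).
ASK_RE = re.compile(r"\b(reply|respond|send|text|answer)\b", re.I)
CODE_WORD_RE = re.compile(r"\b(code|verification)\b", re.I)
RESET_RE = re.compile(r"\b(password|reset|sign[- ]?in|log[- ]?in)\b", re.I)


def classify(body):
    """Label one inbound SMS body by the role it could play in the scam."""
    if CODE_RE.search(body):
        return "code"            # carries a one-time code
    if ASK_RE.search(body) and CODE_WORD_RE.search(body):
        return "asks_for_code"   # wants the code sent back to the sender
    if ASK_RE.search(body) and RESET_RE.search(body):
        return "primer"          # "reply STOP to cancel the reset" style
    return "other"


def find_code_relay(messages, window=900):
    """Flag requests for a code; 'high' if a real code arrived within `window` s.

    `messages` is a time-ordered list of (unix_seconds, body). The sender is
    deliberately ignored because SMS sender IDs can be spoofed.
    """
    alerts = []
    for i, (ts, body) in enumerate(messages):
        if classify(body) != "asks_for_code":
            continue
        recent = [(j, classify(b)) for j, (t, b) in enumerate(messages[:i])
                  if 0 <= ts - t <= window]
        code_idx = max((j for j, k in recent if k == "code"), default=None)
        primed = any(k == "primer" for _, k in recent)
        alerts.append({"ask": i, "code": code_idx, "primed": primed,
                       "severity": "high" if code_idx is not None else "medium"})
    return alerts


# Constructed sample thread mirroring the three-message flow in the article.
SAMPLE = [
    (0, "Google: a password reset was requested. If this was not you, reply STOP."),
    (60, "G-482913 is your Google verification code."),
    (120, "Google: to stop the password reset, reply with the verification code."),
    (5000, "Your parcel is ready for pickup at locker 12."),
]
```
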
The scam is quite clever and original. The potential victim must therefore be extremely vigilant not to be taken in this way. He must also know that Google does not require such a complicated process to stop a password reset attempt, but people who have never gone through it may not be aware of this. ZTS predicts that the ingenious criminal may soon find followers. That is why you have to be careful: even two-step verification will not protect against cunning scams.