Have you ever forgotten the password of your email account, and then used ‘Forgot Password’ to set a new one? You are not the only one. But hackers have come up with a trick that uses this method to gain access to your email account.
All a person needs is your email id and the phone number that is registered with your email provider. With these two details, he can initiate the process of resetting your account’s password. Security firm Symantec has detailed the process in a video embedded below.
A hacker first types in your email id and then hits Forgot Password. Next he selects the option wherein your email provider will send you a verification code via a text message. Right after, he sends a seemingly innocuous message to the victim from an unknown number. The message warns the victim that someone is trying to access their account, and says that he/she should therefore reply with the verification code. An unsuspecting victim could reply with the verification code, thereby handing the perpetrator the keys to their email account.
It may not seem very straightforward, but many people can fall for such social engineering techniques. Symantec wants to educate people about the possibility of such attacks, and also warns never to reply to such messages. It says that companies dealing with verification codes will always send the codes, but never ask for a reply.
Symantec’s video follows below.