Have you ever forgotten the password of your email account, and then used ‘Forgot Password’ to set a new one? You are not the only one. But hackers have come up with a trick that uses this method to gain access to your email account.
All a person needs is your email id and your phone number (that is registered with email provider). With these two details, he can initiate the process of resetting your account’s password. Security expert Symantec has detailed the process in a video embedded below.
A hacker first types in your email id and then hits Forgot Password. Next he selects the option wherein your email provider will send you a verification code via a text message. Right after, he sends a seemingly innocuous message to the victim via an unknown number. The message will warn the victim that someone is trying to access their account, and hence he/she should reply with the verification code. An unsuspecting victim could reply with the password, thereby handing the perpetrator the keys to their email account.
It may not seem very straightforward, but there have been many who can fall to such social engineering techniques. Symantec wants to educate people to the possibility to such attacks, and also warns never to reply to such messages. It says that companies dealing with verification codes will always send the codes, but never ask for a reply.
Symantec’s video follows below.