Warning to Gmail users over new texting scam stealing accounts
"The scheme involves a text message that appears to come from 'Gmail from Google,' warning recipients that their account has been compromised. The message includes a link labeled 'Recover Account.' When users click it, they are prompted to enter their Gmail password, which is then captured by scammers. In some cases, attackers can combine stolen information with personal details, like your phone number."
"They may then use social engineering to convince mobile carriers to transfer the number to a SIM card under their control, potentially giving them access to SMS-based two-factor authentication codes. Victims reported that these texts can look very official, often referencing prior 'sign-on attempts' from foreign IP addresses, such as those in Venezuela or Bangladesh."
"Cybersecurity experts stress that users need to take several steps immediately if they believe they have been targeted, including changing their Google password and enabling two-factor authentication (2FA). This is the first line of defense, because using a strong, unique password, and, where possible, replacing SMS-based 2FA with an authenticator app or hardware security key."
"Experts warned of the importance of adding protections with your mobile carrier. Ask your provider about options such as SIM PINs, account passcodes, port freezes, or number locks. These measures prevent attackers from transferring your number."
A new phishing scam targets Gmail users through text messages impersonating Google, warning of account compromise and directing users to click malicious links. When victims enter their Gmail passwords, scammers capture credentials and can combine them with stolen phone numbers to perform SIM swaps with mobile carriers, gaining access to SMS-based two-factor authentication codes. The fraudulent messages appear official by referencing suspicious sign-on attempts from foreign IP addresses. Once compromised, Gmail accounts are vulnerable, and if passwords are reused, other accounts face risk. Cybersecurity experts recommend immediately changing passwords, enabling two-factor authentication using authenticator apps or hardware keys instead of SMS, updating all accounts with shared passwords, and contacting mobile carriers to implement protective measures like SIM PINs, account passcodes, port freezes, or number locks.
Read at Mail Online