Author: Shaikh Rafia

It’s a well-known fact that our email IDs and mobile numbers are no longer private and known only to our contacts. Extensive lists containing hundreds of thousands of email addresses and phone numbers are sold everywhere, from marketing agencies to groups with criminal motives. Recent research has discovered how these two are being increasingly used in a type of “spear-phishing attack.” The goal of this phishing attempt is to hack into email accounts, and it is achieved with nothing but mobile numbers.


While we receive many spam messages in both our text inbox and our email account, many of us know that these are spam and not to be bothered with. However, things get a little murky when some “authority figures” are used to send these same emails or text messages.

For example, you often receive a verification code from Google, Facebook, and any other service for which you have enabled 2-step verification. The process asks you to enter the texted string on your browser screen. The names of these same organizations are being used as a cloak in a social engineering attack to convince victims that the messages are really being sent from Google, Hotmail, and other similar services.

Here is how this social engineering password recovery scam works:

  • The attacker first obtains your email ID and your mobile number.
  • The attacker uses the password recovery feature offered by email providers; a verification code is sent to your mobile phone.
  • In the meantime, the victim receives a text from an unknown number asking them to verify their account, to ensure account security, by replying with the verification code (the one sent by the email provider in the step above).
  • The text reads something like this: “This is Google. There has been unauthorized activity on your account. Please reply with your verification code.”
  • If the code doesn’t work, the victim receives another text: “We still detect an unauthorized sign-in to your account. Google just re-sent a verification code via text message: Please respond with it to help secure your Google account.”
  • Once the victim responds with the official verification code, the attacker gains access to the victim’s mail account without detection.

What makes this social engineering phishing attack genius is that it requires no hacking skills. Anyone who has your email ID and phone number can carry it out, which makes the attack quite serious.

The only thing you can do to protect yourself from this and all other similar attacks is to never respond to text messages or even emails that claim to come from Google, Hotmail, Yahoo, and other such services. Remember, all these services only send you information, in the form of a verification code or anything else. They never ask you to respond; so don’t fall victim to these attacks, and always be cautious of spam messages.
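The rule above (genuine services deliver a code and never ask for one back) can be written as a message filter that also checks whether the request arrived close to a code sent by a different sender. This Python is an added example, not code from the article or from Symantec's research; the sender IDs, the provider's message wording and the 15-minute window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Negated mentions ("do not reply") are stripped first so genuine notices are not flagged.
NEGATED = re.compile(r"\b(do not|don't|never)\s+(reply|respond)\b", re.I)
# A request to send a code back, with the verb before or after the word "code".
ASKS = re.compile(r"\b(reply|respond)\b.{0,80}\bcode\b|\bcode\b.{0,80}\b(reply|respond)\b",
                  re.I | re.S)
# A message that delivers a numeric one-time code.
DELIVERS = re.compile(r"\bcode\b.{0,40}\b\d{4,8}\b|\b\d{4,8}\b.{0,40}\bcode\b", re.I | re.S)
WINDOW = timedelta(minutes=15)  # assumed correlation window

def requests_code(body):
    return bool(ASKS.search(NEGATED.sub(" ", body)))

def delivers_code(body):
    return bool(DELIVERS.search(body)) and not requests_code(body)

def flag_messages(messages):
    """Return [(index, correlated)] for texts that ask for a code by reply.

    correlated is True when a code-delivery text from a different sender
    arrived within WINDOW, before or after the request.
    """
    deliveries = [(m["ts"], m["sender"]) for m in messages if delivers_code(m["body"])]
    findings = []
    for i, m in enumerate(messages):
        if not requests_code(m["body"]):
            continue
        correlated = any(sender != m["sender"] and abs(ts - m["ts"]) <= WINDOW
                         for ts, sender in deliveries)
        findings.append((i, correlated))
    return findings

# Constructed inbox: senders, timestamps and the first message are made up;
# messages 1 and 2 use the scam wording quoted in the article.
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE = [
    {"ts": T0, "sender": "22000",
     "body": "Your verification code is 123456. Do not reply to this message."},
    {"ts": T0 + timedelta(minutes=2), "sender": "+15550100",
     "body": "This is Google. There has been unauthorized activity on your account. "
             "Please reply with your verification code."},
    {"ts": T0 + timedelta(minutes=5), "sender": "+15550100",
     "body": "We still detect an unauthorized sign-in to your account. Google just re-sent "
             "a verification code via text message: Please respond with it to help secure "
             "your Google account."},
    {"ts": T0 + timedelta(hours=2), "sender": "+15550111", "body": "Lunch at 1?"},
]
```

Calling `flag_messages(SAMPLE)` flags both scam texts as correlated with the genuine code delivery and leaves the provider's own "Do not reply" notice unflagged.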

– Discovery by Symantec

The post How to Hack an Email Account with Just a Phone Number – PoC by Shaikh Rafia appeared first on WCCFtech.



All of these texts are owned by their respective writers and are published here under a Creative Commons License. Visit the author’s website (see link below the title of this post) to determine the actual terms of the license.


4 COMMENTS

  1. It’s awesome to go to see this site and reading the views of all colleagues concerning this post, while I am also zealous of getting familiarity.

  2. Howdy! This article couldn’t be written much better! Going through this post reminds me of my previous roommate!
    He always kept preaching about this. I most certainly will forward this post to him.
    Fairly certain he’ll have a great read. I appreciate you for sharing!

  3. I used to be recommended this blog through my cousin. I am not certain whether or not this put up is written by means of him as nobody else recognise such targeted approximately my problem. You are incredible! Thank you!

  4. Normally I don’t read post on blogs, however I wish to say that this write-up very forced me to take a look at and do so! Your writing taste has been surprised me. Thank you, quite great article.
