FEDERAL TRADE COMMISSION SCAM ALERT: A Text Message Mess
By Kristin Cohen, FTC Office of Technology Research and Investigation // November 17, 2015
PROTECT YOURSELF FROM THE NEWEST SCAMS
ABOVE VIDEO: If you suspect that someone has hacked into your email, here’s what to do.
Let me set the scene: your friend John is rushing to get his daughter from school and his son to the soccer field, and he still needs to stop at the grocery store because there’s nothing in the fridge.
In the midst of this everyday madness, he gets a text message from Google with a verification code. He thinks, “That’s weird. Maybe I should log in to my email and see what’s going on.”
Before he has a chance, he gets another message. It says:
Google has detected unusual activity on your account. Please reply with the verification code sent to your mobile device to stop unauthorized activity.
What should John do?
It’s quite possible that he might reply with the code — especially while he’s distracted, and worried that he might lose access to his email. Unfortunately, if he sends the code, he’ll be giving a hacker access to his email account.
Here’s what happened behind the scenes:
- A hacker who has John’s email address and mobile number went to the email login screen, clicked “Forgot Password,” and asked for a verification code via text message.
- John got the verification code on his phone.
- The hacker — pretending to be John’s email provider — sent him a text message and asked for the code.
- John forwarded the code to the hacker, and the hacker had everything he needed to complete the login process.
The hacker could gather a lot of information about John while snooping through his email. He also could change John’s settings, so future emails sent to John are forwarded to the hacker. It could be a long time before John notices this change.
So, what can you do?
Don’t send verification codes to anyone via text or email. Use these codes only on the login page. And if you get a verification code that you didn’t request, let your provider know about it. That could be a sign that someone is tampering with your account.