Beware of unsolicited text messages requesting verification codes. According to the United States Federal Trade Commission (FTC), hackers are perpetrating a clever new social engineering trick that could lead to the compromise or theft of your email account.
Kristen Cohen of the FTC’s Office of Technology Research and Investigation explains how the scam works. First, a hacker obtains your email address and phone number, perhaps through one of the many web and corporate hackings that have occurred over the past few years. They then attempt to log in to your account, clicking the “Forgot Password” button and requesting a verification code be sent via text. The hacker then sends you a follow-up text, purporting to be from Google, requesting you reply back with the code. If you respond, the hacker then has everything he or she needs to take over your email account.
To help prevent this crime, the FTC reminds you to never send anyone a verification codes by text message, email or messenger app. If you get verification codes that you haven’t requested yourself, contact your email provider and let them know. It could be a sign that someone is trying to break in to your account.
If you think your email account has been compromised, don’t panic. The FTC has created a new video explaining what steps to take to recover your account and your digital reputation, which we’ve embedded below (Be patient. The video may take a while to load. You can also access it here, but it takes a while on the FTC site as well). You should also check out Techlicious’s coverage of how to check if your online accounts have been hacked and what to do when your email gets hacked specifically.
[Hacking account via Shutterstock]
