IT Security Tip #20 – The Gmail Scam That Surprised Me Too!


People are so very clever! Criminals tend to be people, so by default, criminals tend also to be clever! Here’s a scam that you may not have heard of, but you’re very vulnerable to it. This may help you avoid having your Gmail account stolen (this applies to any other account that uses a “2 factor authentication” security process as well).

First, what is 2 Factor Authentication (aka “2FA”)? 2FA is a method of helping to better secure a digital resource, and it is based on “something you have, and something you know”. Someone can steal your password, but if they don’t physically have the thing to be used with the password, no entry for them. You’ve seen, and maybe even used, a key fob from a bank that has a long number that changes every 30 seconds or so. When you need to log in to the bank website, you enter your credentials and the current number on the key fob. This is a form of 2 Factor Authentication.

Now back to Gmail. If you put in your cell number at Google as part of your account, Google will use it to send a text to you which includes a random number to verify that some action on the Gmail account (like a password reset) is authorized by you. Because they assume only YOU have your mobile phone, it’s a reasonably safe and secure process. Unless someone can trick you into sending that code to them! This is the basis for the Gmail Scam!

Here’s how it works:
1. The thief has your phone number and email address (both easily findable on the internet) and goes to Google and clicks “forgot password”.
2. Google sends your phone a verification code.
3. The thief ALSO sends your phone a text pretending to be Google. They say something like: “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop the unauthorized activity.”
4. You send the password reset authorization code to the thief.
5. The thief takes over your Gmail account and can use it to be “you” in any other web service that uses your Gmail account as the login (they can reset all those passwords too, since it will come to what used to be your Gmail account!).

Infographic: https://www.symantec.com/content/dam/symantec/docs/infographics/istr-how-gmail-scam-works-en.pdf
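
The pattern in steps 2 to 4 can be checked for mechanically, for example by an SMS filtering app. The Python below is an added example, not part of the original tip or any Google tooling; the six-digit code format, the ten-minute window, the record fields and the phone numbers are assumptions, and the sample messages are constructed.

```python
import re
from datetime import datetime, timedelta

CODE_RE = re.compile(r"\b\d{6}\b")   # assumption: six-digit numeric codes
LURE_RE = re.compile(r"\b(reply|respond|send|text)\b.*\bcode\b", re.I | re.S)
WINDOW = timedelta(minutes=10)       # assumption: how long a code stays usable

def review_sms(messages):
    """Scan chronological SMS records and return a list of (index, finding)."""
    findings, live = [], []          # live: (time, sender, code) seen recently
    for i, msg in enumerate(messages):
        # Forget codes that are older than the window.
        live = [c for c in live if msg["time"] - c[0] <= WINDOW]
        codes = CODE_RE.findall(msg["body"])
        if msg["dir"] == "in":
            if codes:
                # Step 2: a verification code arrives; remember who sent it.
                live += [(msg["time"], msg["peer"], c) for c in codes]
            elif LURE_RE.search(msg["body"]):
                # Step 3: a text that carries no code but asks you to send one.
                hot = any(sender != msg["peer"] for _, sender, _ in live)
                findings.append((i, "lure-after-code" if hot else "lure"))
        else:
            # Step 4: a live code leaving the phone to a number that did not issue it.
            for _, sender, code in live:
                if code in codes and sender != msg["peer"]:
                    findings.append((i, "code-sent-to-third-party"))
                    break
    return findings

# Constructed sample conversation; numbers and wording are made up.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    {"time": T0, "dir": "in", "peer": "22000",
     "body": "481516 is your verification code."},
    {"time": T0 + timedelta(minutes=1), "dir": "in", "peer": "+1-555-0100",
     "body": "Google has detected unusual activity on your account. Please "
             "respond with the code sent to your mobile device."},
    {"time": T0 + timedelta(minutes=2), "dir": "out", "peer": "+1-555-0100",
     "body": "481516"},
]

if __name__ == "__main__":
    for index, finding in review_sms(SAMPLE):
        print(index, finding, SAMPLE[index]["peer"])
```

The second finding is the one that matters: a code only makes sense when typed into the site that asked for it, so a code going out by text to any other number is the moment to stop.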
