Security experts at Symantec are warning about a new password recovery scam targeting Gmail users worldwide, mainly for intelligence gathering.

Every day scammers come up with new techniques to steal personal information and other sensitive data. Today we will look at a new social engineering technique used in the wild by crooks that allows them to hack into an email account simply by knowing the victim’s phone number. Security experts at Symantec describe a scam that tricks users into giving attackers control over their webmail account. All an attacker needs to take over a webmail account is the victim’s email address and cell phone number.

“The cybercriminals carrying out these attacks do not seem to be focused on financial gain such as stealing credit card numbers. They appear to be looking to gather information about their targets and are not targeting users en masse, instead going for specific individuals. The way they operate is similar to the methods used by.” states Symantec.

Symantec published a video explanation of how this social engineering technique works. Let’s analyze the attack scenario:

• The victim registers his mobile phone number with Gmail so that, if he forgets his password, Google will send him via SMS a verification code that allows him to access his account.
• The attacker, who knows only the victim’s email address and phone number, visits the Gmail login page, enters the victim’s email address and then clicks on the “Need help?” link. This link is used by Gmail users when they have forgotten their login credentials.
• The users have several options to retrieve their forgotten credentials, including “Enter the last password you remember” and “Confirm password reset on my [MAKE AND MODEL] phone.” The attacker can choose “Get a verification code on my phone: [MOBILE PHONE NUMBER].”
• An SMS message including a six-digit verification code is sent to the victim.
• The victim receives a message saying “Your Google Verification code is [SIX-DIGIT CODE].”
• The attacker then sends the victim an SMS message saying something like “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.”
• The victim, believing that the message comes from Google’s legitimate password recovery service, replies to the attacker’s number with the verification code.
• The attacker then uses the code to get a temporary password and gain access to the victim’s email account.

Experts at Symantec highlight that legitimate password recovery messages never ask users to reply to the SMS text.
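As an added example (not from Symantec or the original article), the scenario above can be turned into a simple inbox check: flag any SMS that asks for a code to be sent back, and raise the severity when a real verification code arrived from a different sender shortly before. The sender numbers, timestamps and the 30-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# A provider's code message states the code and nothing else.
CODE_MSG = re.compile(r"\bverification code is\b.*\b\d{6}\b", re.I)
# The scam message asks for the code to be sent back.
RELAY_VERB = re.compile(r"\b(reply|respond|send|text|forward)\b", re.I)
CODE_WORD = re.compile(r"\b(verification\s+)?code\b", re.I)

def asks_for_code(body):
    """True if the text solicits a code instead of merely stating one."""
    return bool(RELAY_VERB.search(body) and CODE_WORD.search(body)
                and not CODE_MSG.search(body))

def flag_code_relay(messages, window=timedelta(minutes=30)):
    """Return (index, severity) for each message that asks for a code.

    severity is "high" when a verification code arrived from a different
    sender within `window` before the request, "medium" otherwise.
    """
    findings = []
    last_code = None  # (sender, time) of the most recent code message
    for i, (sender, when, body) in enumerate(messages):
        if CODE_MSG.search(body):
            last_code = (sender, when)
        elif asks_for_code(body):
            recent = (last_code is not None and sender != last_code[0]
                      and timedelta(0) <= when - last_code[1] <= window)
            findings.append((i, "high" if recent else "medium"))
    return findings

# Constructed sample inbox: (sender, received, body). Not real data.
T0 = datetime(2015, 6, 1, 9, 0)
INBOX = [
    ("22000", T0, "Your Google Verification code is 123456"),
    ("+15550100", T0 + timedelta(minutes=2),
     "Google has detected unusual activity on your account. Please respond "
     "with the code sent to your mobile device to stop unauthorized activity."),
    ("+15550111", T0 + timedelta(hours=5), "Lunch tomorrow? Send me a time."),
    ("+15550122", T0 + timedelta(hours=6), "Reply with your code to confirm."),
]

if __name__ == "__main__":
    for idx, severity in flag_code_relay(INBOX):
        print(severity, INBOX[idx][0], INBOX[idx][2][:60])
```

The keyword lists are a heuristic and will miss reworded requests; the sender mismatch and the timing are the stronger signals.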
“Legitimate messages from password recovery services will only tell you the verification code and will not ask you to respond in any way,” explains Symantec.

Since the password recovery process is similar across several mail services, this new password recovery scam could be used to hack into a number of popular webmail services including Gmail, Yahoo, and Outlook.

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at 'Cyber Defense Magazine', Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog 'Security Affairs', recently named a Top National Security Resource for US. Pierluigi is a member of the 'The Hacker News' team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.