Your Cellphone Could Be The Gateway Hackers Use To Gain Access to Your Gmail
Symantec recently posted a warning for users of Gmail (GOOG) Outlook (MSFT), and Yahoo (YHOO) that they're targets for a new strategy by thieves to gain access to email accounts. Symantec also made a YouTube video describing the hacker's process. Don't let your account become victimized and never forget that people are usually the weak link in computer security.
It goes something like this (using Gmail as the example):
Once a hacker knows your email address and cell phone number, they go to Google to sign in and click "Need help?"
At the next page, the hacker selects the "I don't know my password" and clicks "continue". Working their way through the email's provider, again using Google's Gmail, but applicable to many others, the hacker chooses to have the reference code sent to your mobile number.
Out of the blue and unexpected, you receive a real text message from Google with an authorization code to gain access to your email account. The hacker waits until they believe you should have received the message and then sends another text message from their unauthorized device requesting that you reply with the authorization code recently sent to you by Google, Microsoft, Yahoo, etc....
It may come in the form of stating your account has been hacked, or many other reasons, but you should never text the authorization code, OR enter it into a website without carefully identifying the website as legitimately being Google's website.
There's many different ways to spin the same trick. They can beat on the password until the system locks you out, thereby you're expecting a text, and many others. Once inside, the hacker can then gain access to many other passwords, and if you're like most people, you use the same password or very few passwords for many if not most of your online security. It's easy to see how your entire world can turn upside down quickly if you allow a hacker to gain access.
One way to mitigate the damage done if hackers get in is by using many different and difficult passwords and allowing software such as your browser to manage them for you. That can at least (in theory) slow a hacker down while you have a chance to perform damage control if your accounts are compromised.
A great resource to learn about and protect your cyber security is the Graham Cluley site grahamcluley.com It's where I learned about this possible exploit.