Gmail account holders are being alerted to a worrying new threat. Cybercriminals are continuously searching for fresh methods to target consumers, and being deceived by this particular scam could grant them complete access to email and other accounts.
The newest danger, which has been identified by the team at Malwarebytes, seems to be focusing on Gmail users, and it’s simple to understand how some are being tricked. The fraud begins with a message that alleges to be from Google’s Support service claiming that someone has tried to access the account and a password reset is necessary.
To make matters even more believable, the email is occasionally followed by an actual phone call, reports the Mirror. Cybercriminals use this technique in an attempt to acquire the security code that Google sends when a password is reset.
If they succeed, they can then log in and uncover a wealth personal information. The spokesperson at Malwarebytes explained: “Victims get an email or phone call allegedly from Google support that warns someone has tried to hack their account. The best way to protect themselves is to reset the password.”
They added: “They then send a separate account reset email to the victim, who dutifully enters their login credentials. The account includes a code that the victim must read out to verify that they’re legit. The support staff say they’ll enter this code to reset the system, but they’re using those precious extra few seconds to hijack the victim’s account.”
The extent of the issue remains unclear, though several Google users have confirmed being targeted in recent weeks. Speaking on Reddit, one Google account holder revealed: “He was trying to actively recover my account and steal possession of it, while on the phone with me.”
To enhance the scam’s credibility, the fraudster even instructed the victim to verify the number they were ringing from, then terminate the call and ring the number back. The Reddit user added: “He was completely bluffing – as when you call that number, you cannot get a human on the line. They don’t staff that line with agents.”
Should you receive any correspondence from Google claiming an account requires resetting, exercise extreme caution. It’s almost certainly fraudulent. Google has acknowledged the issue, warning users never to surrender any personal information.
A Google spokesperson said: “These contacts and their websites have no affiliation to Google and may claim to provide password reset assistance as well as other Gmail related support services. In addition, these sites may require the submission of payment for their support services. Google does not charge users to recover their account credentials or change their password.”
They added: “In other cases, these websites may call you and claim that your Google Account was hijacked or that your computer has a virus or other malware on it. Google does not provide phone based support for Gmail and these calls are not affiliated with Google.”
Looking for more from MyLondon? Subscribe to our daily newsletters here for the latest and greatest updates from across London.
