How Scammers Hack Into Your Email Account
This email hack is one of the cleverest scams for getting access to your inbox. Cybercriminals can now easily access your email account by knowing your email address and mobile phone number. They don’t even need your password! Let me explain.
Most email providers – such as Google or Hotmail – can use SMS-based account recovery when you forget your password. This process involves sending a recovery code to a mobile phone number associated with your Google account. After receiving the code, you can enter it on the recovery page to regain access to your account.
The account recovery methods might vary based on the settings you have configured. Google might also offer other recovery options, such as using a backup email address or answering security questions. So how does the scam work?
Password Recovery Process
If a criminal knows your email address and mobile phone number, all he needs to do is begin the password recovery process, just as you would if you had forgotten your password. Of the options available for recovering a lost password, either secondary email or text message, the scammer selects the second one: the SMS.
He asks for the verification code to be sent to the mobile phone registered with the account. Well, that number happens to be yours, but that’s the trick.
As expected, the SMS code goes straight to the victim’s phone. Seconds later, as soon as that SMS is out, the scammer sends the victim another text message, this time from his own phone. Posing as the email provider, he informs the victim that there has been some suspicious activity on the account and asks the victim to reply with the verification code.
As expected, when the victim sends back the code, the criminal immediately accesses the email account and changes the password. From there, it’s all history.
How To Avoid This Email Hack
Let this sink in for a bit: All the messages from password recovery services provide you with the verification code but never require you to reply. That is it!
Ignore the unsolicited text messages asking for verification codes. Share below in the comments section any of the suspicious numbers you might have received text messages from.
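The rule above (a genuine recovery text delivers a code and never asks for it back) can be written as a small inbox triage script. This is an added example, not part of the original article; the sender IDs, message texts, the 10-minute window and the verdict names are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Sms:
    ts: int       # seconds since the start of the capture
    sender: str
    body: str

CODE_RE = re.compile(r"\b\d{4,8}\b")            # the one-time code itself
CODE_WORD_RE = re.compile(r"\bcode\b", re.I)
# A request to hand a code back: "reply with ... code", "text back the code", ...
ASK_RE = re.compile(r"\b(reply|respond|send|text|forward)\b.{0,60}\bcode\b",
                    re.I | re.S)
WINDOW = 600  # assumed: seconds after a code delivery in which a request is "chained"

def delivers_code(m: Sms) -> bool:
    """Genuine recovery text: it contains the code."""
    return bool(CODE_RE.search(m.body) and CODE_WORD_RE.search(m.body))

def asks_for_code(m: Sms) -> bool:
    """Scam follow-up: it carries no code and asks the recipient to send one."""
    return bool(ASK_RE.search(m.body)) and not CODE_RE.search(m.body)

def triage(messages):
    """Return (message, verdict) for every text that asks for a code."""
    findings, last_delivery = [], None
    for m in sorted(messages, key=lambda x: x.ts):
        if delivers_code(m):
            last_delivery = m
        elif asks_for_code(m):
            # Highest risk: the request follows a real code from another sender.
            chained = (last_delivery is not None
                       and m.sender != last_delivery.sender
                       and m.ts - last_delivery.ts <= WINDOW)
            findings.append((m, "recovery-code-relay" if chained
                             else "unsolicited-code-request"))
    return findings

# Constructed sample inbox (not real messages or real sender numbers).
SAMPLE = [
    Sms(0, "22000", "G-482913 is your Google verification code."),
    Sms(25, "+15550100", "Google has detected unusual activity on your account. "
                         "Please reply with the verification code sent to your phone."),
    Sms(4000, "+15550123", "Your account is locked. Text back the code we sent to unlock it."),
    Sms(5000, "32665", "Your security code is 771204. Do not share this code with anyone."),
]

if __name__ == "__main__":
    for msg, verdict in triage(SAMPLE):
        print(f"{verdict}: {msg.sender} at t={msg.ts}s")
```

Both flagged texts should be ignored; the first is the pattern described in this article, where the request arrives seconds after a real code from a different sender.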
Tips on How To Avoid Password Recovery Scams
Besides the insights of the article above, we have more tips. Here are 10 essential ways to avoid falling prey to password recovery scams and to ensure your online security.
- Enable Two-Factor Authentication (2FA): Turn on 2FA whenever possible. This adds an extra layer of security by requiring a second verification step, even if scammers have your password.
- Beware of Urgency: Scammers often create a sense of urgency to pressure victims into quick actions. Take your time to verify before sharing any sensitive information. In the case presented above it was hard to avoid, but keep this in mind.
- Don’t Click Suspicious Links: Avoid clicking on links in unsolicited emails or messages. Instead, manually type the official URL into your browser to access websites.
- Review Recovery Information: Regularly review and update your recovery contact information. This ensures scammers can’t use outdated information to gain access to your accounts.
- Verify the Source: Always verify the legitimacy of emails, messages, or calls claiming to be from service providers. Contact them directly using official contact information to confirm any requests. In the email hacking scheme above, the phone number showing on your display could give away the scam.
- Use Strong Passwords: Create strong and unique passwords for each account, combining letters, numbers, and symbols. This makes it harder for scammers to guess or crack passwords.
- Use Official Apps and Websites: Download apps and visit websites directly from official sources, such as app stores or official websites. Avoid third-party sources that might host malicious versions.
- Educate Yourself: Stay informed about common phishing techniques and scams. Knowing what to look for can help you recognize potential threats. Bookmark our Scam Detector website on your device or check out our website validator to see if a site is legit.
- Be Skeptical of Personal Requests: Be cautious if someone asks for personal or financial information through email or messaging, even if it seems to be from someone you know. Verify their request through a separate communication channel.
- Trust Your Instincts: If something feels off or too good to be true, it probably is. But you know that already. Trust your instincts and take precautions to verify the authenticity of any request.
Follow these tips and maintain a vigilant and cautious approach. This way, you can significantly reduce the risk of falling victim to password recovery scams and protect your online identity and information.
How To Report Suspicious Activity
Make your family and friends aware of this email hacking trick by sharing the article. Feel free to distribute it on your social media using the buttons provided. You can also officially report criminals of all sorts to the Federal Trade Commission (FTC) using the portal below: