In this latest Gmail phishing scam, hackers send you a text asking whether you requested a password reset for your Gmail account and, if you did not, to reply with the word STOP. But this is a scam! The bad guys requested that password reset themselves, and now they want you to send them the authorization code! Don’t fall for it. Do not text STOP.
To prevent losing your account to the bad guys, do not reply to the text. Doing so will also let the scammers know that they have reached a valid number. Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.
Tip: Covalime recommends setting up 2-step verification on your Google account!
Here is how this scam works:
The victim receives a text asking whether they’ve requested a password reset for their Gmail account – and, if not, to reply with the word ‘STOP’.
Users who have not received any new-school security awareness training could well fall for this social engineering tactic and respond with ‘STOP’. Next, they are urged to send the 6-digit numerical code in order to prevent the password from being changed.
Of course, what is really happening is that the scammer has requested a password change on the victim’s account. That request sends a code to the real account owner to verify that they actually want the password changed. By sending that code back to the attacker, you’re enabling the bad guys to complete the password change, and they then have access to the account and all the email.
Here is a screenshot of what the scam text looks like:
Covalime suggests you send this post to your employees, friends and family.