Phishing is not only localized to e-mail messages. It can be utilized through any form of messaging service once the sender can trick the victim into believing that they are a trusted entity. Hackers are now using SMS messages to bypass two factor authentication used by e-mail service providers to verify password reset requests. The SMS phishing attack is used to obtain the verification code sent by the e-mail provider to the victim’s phone after the attacker has requested a password reset on the victim’s account. The only problem is that it requires the hacker to know both the victim’s e-mail address and cell phone number. However, here are two key points to remember when dealing with a phishing attack such as this one:
- E-mail providers will ONLY send you the verification code.
- DO NOT reply to SMS messages from senders who claim to be your e-mail provider.
The video below shows how a hacker uses a simple SMS message to obtain the victim’s verification code and ultimately take control of the e-mail account.