Video: Cybercriminals Phishing for E-mail Accounts using SMS

By Jon Phish, Wed 17 June 2015, in category View

google, phishing, social engineering

Phishing is not only localized to e-mail messages. It can be utilized through any form of messaging service once the sender can trick the victim into believing that they are a trusted entity. Hackers are now using SMS messages to bypass two factor authentication used by e-mail service providers to verify password reset requests. The SMS phishing attack is used to obtain the verification code sent by the e-mail provider to the victim's phone after the attacker has requested a password reset on the victim's account. The only problem is that it requires the hacker to know both the victim's e-mail address and cell phone number. However, here are two key points to remember when dealing with a phishing attack such as this one:

The video below shows how a hacker uses a simple SMS message to obtain the victim's verification code and ultimately take control of the e-mail account.