FBI: Beware of a New Google Voice Authentication Scam – Even if You Don’t Use Google Voice!

FBI Warns of Financial ExtortionA new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams and/or to perform Gmail account takeovers.

If you’re unfamiliar with Google Voice, it is a service where Google provides you with a virtual phone number so you can make and receive calls and texts. Assuming you are unfamiliar with it, you may be wondering what’s all the excitement about?

According to a new FBI advisory entitled “Building a Digital Defense Against Google Voice Authentication Scams”, the FBI outlines a scam that involves a threat actor responding to a personal ad – they use the example of selling a couch on craigslist or some other site – and says they want to make sure you are legitimate so they don’t get scammed by sending you an authentication code from Google.

What’s really happening is they scammer is setting up Google voice using your phone number as the primary number and using you to assist them with Google’s authentication process during setup. Once completed, the threat actor has a new Google Voice account tied to your mobile phone, so they can carry on without worrying about having it tied to their phone. Additionally, the code being sent could be purposed to allow them access to reset the password to your Gmail account.

Organizations relying on Gmail for corporate email should be specifically concerned about the ramifications of such a scam; with access to one of your internal email accounts, threat actors can easily spray out phishing emails designed to provide endpoint access or install ransomware.

Users should be educated about this and other such scams using ongoing Security Awareness Training. Through repeated exposure to phishing and scam scenarios, users build up a sense of vigilance against these kind of attacks, spotting them instantly, and reducing the organization’s risk of successful attack.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews