Twitter user @_thp shared a recent phishing scam that they received; and it’s so fiendishly clever that it’s gone viral. They wrote: "This is the most clever phishing scam I've ever encountered and for a second it almost got me." Now, that is perhaps a bit exaggerated, but you have to admit it's something a lot of people will likely fall for.
Here is how this scam works. The victim receives a text asking whether they’ve requested a password reset for their Gmail account - and, if not, to reply with the word ‘STOP’.
Employees who have not received any new-school security awareness training will fall for this social engineering tactic, and will respond with ‘STOP’. Next, they are urged to send the 6 digit numerical code in order to prevent the password being changed.
Of course what is really happening is that the scammer has requested a password change on their account. That request sends a code to the real account owner to verify that they actually want the password changed. And by sending that attacker the code back, you’re enabling the bad guys to complete the password change, and now they have access to the account and all the email.
Next, I suggest you send this email to your employees, friends and family. Feel free to copy/paste/edit:
There is a new scam where hackers send you a text that asks you about a password reset on your account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don't fall for it.
Remember that Gmail will never ask if you don’t want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one. Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it's a very good idea to have 2-step verification set up on your Google account.
Free Phishing Security Test
Did you know that 91% of successful data breaches started with a spear phishing attack?
Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone™ with our new, improved free test.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
https://www.knowbe4.com/phishing-security-test-offer
Let's stay safe out there.
Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.