Text messaging or SMS that can be sent via the mobile phone are gone. However, although they have fallen into disuse, they are becoming the perfect weapon with which cybercriminals aim to undermine the privacy and safety.
Panda Security echoes a recent report published by the University of Toronto, where it is analyzed how the ancient SMS would be used today by a group of cyber criminals to steal passwords from Gmail and gain access to email accounts is their victims.
The “hackers” not only manage to avoid the two-step verification in Google offers users as a security measure, but also perfectly adapted to its characteristics so that the victim does not suspect and take the bait.
SMS, the new tool of “hackers” to steal passwords of Gmail
The trap starts with a text message on your mobile of the victim. The company specializes in Restraint dinformática explains that apparently is an SMS sent by Google to inform the user that someone has tried to break into his Gmail.
Minutes later, the user receives an email dangerous. This is another false Google warning about an “unexpected logon attempt.” In this email, cybercriminals attached a link that, theoretically, take the victim to a website where you can change your password to strengthen the security of your account.
A false link takes the user to a tool of “phishing” that allow the “hacker” password seize the victim. Furthermore, this false website Google will prompt the user verification code sent to the company phone number by SMS (this time) when attackers first access to the account password but from a location that is not the usual.
In just two steps they can steal Gmail credentials and also the code that circumvent the verification in two steps from Google.
In its report, researchers from the University of Toronto warn that this is not the only way in which cybercriminals act, because they also managed to gain passwords Gmail through a system of “phishing” that began with a call which offered the victim a business deal.
This project was of course only the hook. The false proposal was submitted after the mailing of the victim through a link that led to an alleged document created in Google Drive. However, to access the false proposal was necessary to enter the username and password Google account. Thus, cybercriminals getting the necessary information to access your victim.
Discovered attacks come from a group of Iranian aimed cybercriminals several political dissidents in the country. However, all users of the mail service Google should be alert to cases like this, because anyone can be a victim of data theft and identity as started with this SMS.
Therefore, Panda Security advises create strong passwords and change them periodically.
— AVP
No comments:
Post a Comment