A Text Message Mess

Let me set the scene: your friend John is rushing to get his daughter from school and his son to the soccer field, and he still needs to stop at the grocery store because there’s nothing in the fridge. In the midst of this everyday madness, he gets a text message from Google with a verification code. He thinks, “That’s weird. Maybe I should log in to my email and see what’s going on.”

Before he has a chance, he gets another message. It says:

Google has detected unusual activity on your account. Please reply with the verification code sent to your mobile device to stop unauthorized activity.  

What should John do?

It’s quite possible that he might reply with the code — especially while he’s distracted, and worried that he might lose access to his email. Unfortunately, if he sends the code, he’ll be giving a hacker access to his email account.

Here’s what happened behind the scenes:

  1. A hacker who has John’s email address and mobile number went to the email login screen, clicked “Forgot Password,” and asked for a verification code via text message.
  2. John got the verification code on his phone.
  3. The hacker — pretending to be John’s email provider — sent him a text message and asked for the code.
  4. John forwarded the code to the hacker, and the hacker had everything he needed to complete the login process.

The hacker could gather a lot of information about John while snooping through his email. He also could change John’s settings, so future emails sent to John are forwarded to the hacker. It could be a long time before John notices this change.

So, what can you do?

Don’t send verification codes to anyone via text or email. Use these codes only on the login page. And if you get a verification code that you didn’t request, let your provider know about it. That could be a sign that someone is tampering with your account.

If you suspect that someone has hacked into your email, here’s what to do:

 

Comments

This might be something that people are getting. I would forward to all LSI employees.

The here's what to do: section is blank. I'm using IE11

There should be a video. Here's a link to the video: https://www.consumer.ftc.gov/media/video-0104-hacked-email-what-do

great it almost happened but I was to distracted to respond at that time. Good I did not

Please help to clear any unusual activity within my email.

Great information as usual. Although I don't have a smart phone and I am not a fan of them, I do appreciate the energy you are devoting to protect consumers from fraud of this and any other kind. Thank you very much and keep me updated.

Thank you for this important information

The message describes the problem and concludes : "here is what to do" .... and the screen show a cryptic window ..... ARRGGHHH !

This blog post includes a video. You might be seeing a screen shot of the video. Click on the 'start' button in the lower left corner to view the video.

The video has error codes associated with it and can't be played. Good information about other scams and such .
I was looking for a possible scam I ran into today. Re: craigslist item I was trying to sell. The supposed purchaser used strange words and finally switched to French asking me to email back. He or she would not say what city or place they were coming from . For directions.
Avoided actual "real type "conversation. Figured they were trying to eventually get more info. But I didn't follow prompts. Ended our conversation.

Pages

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.