A Text Message Mess

Let me set the scene: your friend John is rushing to get his daughter from school and his son to the soccer field, and he still needs to stop at the grocery store because there’s nothing in the fridge. In the midst of this everyday madness, he gets a text message from Google with a verification code. He thinks, “That’s weird. Maybe I should log in to my email and see what’s going on.”

Before he has a chance, he gets another message. It says:

Google has detected unusual activity on your account. Please reply with the verification code sent to your mobile device to stop unauthorized activity.  

What should John do?

It’s quite possible that he might reply with the code — especially while he’s distracted, and worried that he might lose access to his email. Unfortunately, if he sends the code, he’ll be giving a hacker access to his email account.

Here’s what happened behind the scenes:

  1. A hacker who has John’s email address and mobile number went to the email login screen, clicked “Forgot Password,” and asked for a verification code via text message.
  2. John got the verification code on his phone.
  3. The hacker — pretending to be John’s email provider — sent him a text message and asked for the code.
  4. John forwarded the code to the hacker, and the hacker had everything he needed to complete the login process.

The hacker could gather a lot of information about John while snooping through his email. He also could change John’s settings, so future emails sent to John are forwarded to the hacker. It could be a long time before John notices this change.

So, what can you do?

Don’t send verification codes to anyone via text or email. Use these codes only on the login page. And if you get a verification code that you didn’t request, let your provider know about it. That could be a sign that someone is tampering with your account.

If you suspect that someone has hacked into your email, here’s what to do:

 

Comments

This might be something that people are getting. I would forward to all LSI employees.

The here's what to do: section is blank. I'm using IE11

There should be a video. Here's a link to the video: https://www.consumer.ftc.gov/media/video-0104-hacked-email-what-do

great it almost happened but I was to distracted to respond at that time. Good I did not

Please help to clear any unusual activity within my email.

Great information as usual. Although I don't have a smart phone and I am not a fan of them, I do appreciate the energy you are devoting to protect consumers from fraud of this and any other kind. Thank you very much and keep me updated.

Thank you for this important information

The message describes the problem and concludes : "here is what to do" .... and the screen show a cryptic window ..... ARRGGHHH !

This blog post includes a video. You might be seeing a screen shot of the video. Click on the 'start' button in the lower left corner to view the video.

The video has error codes associated with it and can't be played. Good information about other scams and such .
I was looking for a possible scam I ran into today. Re: craigslist item I was trying to sell. The supposed purchaser used strange words and finally switched to French asking me to email back. He or she would not say what city or place they were coming from . For directions.
Avoided actual "real type "conversation. Figured they were trying to eventually get more info. But I didn't follow prompts. Ended our conversation.

Excellent and easy to follow. Some of our less PC Literate friends would have a problem - therefore recommend:

PRINTER FRIENDLY ACTION LIST using the format STEP 01 Problem - FIX - WHY STEP 02 etc. this would really be useful.

Confusing advice. Why is there a message from Adobe there? What follows, "here's what to do:"

This blog post includes a video. You might be seeing a screen shot of the video. Click on the 'start' button in the lower left corner to view the video.

The bank that I started an account with has you enter your ID then will send you a code via phone call or text whichever you choose. I recently needed to check my account and entered my whole e-mail address into the user ID part. I got back six different phone numbers listed for my e-mail. I haven't had this account but just a few months and have never had an account there before. Is there something fishy going on here?

Contact your bank and explain what happened. If you find out that someone has misused your personal information, go to identitytheft.gov for tips about what to do first.

Best advice ever. Thanks. I'm sharing this with one of my friends who has an Apple business and his customers are plagued with this problem. I'm also suggesting that he subscribe to FTC.gov to enable his troubleshooting with his business. Great asset to anyone.

Someone hacked my sister's Facebook account and got me to email him, posing as her in Messenger. He went after all her FB friends. Beware!

This is exactly what I think has happened to me.Somehow someone has gotten into my accts.They have made the last 7-12 months a living hell.I thought I was losing my mind.Naked pictures have been sent out claiming to be me. And they are not. My passwords have been changed so many times I can not remember them.
I have a picture and a Gmail address of 1 person. And the name and phone number of another. The name and phone number person has never stopped until I threatened to sue him. The other, must have changed his email or was just an innocent. I'm scared to leave my home alone to even go to the grocery store. I was conned into believing 1 person was in South Carolina. And stupied me bought into all his BS. And lost $220. Then it turned into horrible text messages non stop. He even texted me while I was on vacation in Mexico. And when he could not get money, came more horrid texts. He filled my home page with porn. Signed me up on so many dating sites I lost count. Actually told me to pick up a gun and kill myself. I even went to the extreme of making him think that I actually did. Didn't work. Told him I would overdose. I have tried to reason with this person. And now he has the nerve to say he's going to file charges against me for harrassment.
What is a person to do in a situation like this? I changed my number. He got it. Now changed my email. That all lasted 3 days. How do I stop this guy. He took advantage of a bad situation I was going through & used it for a chance to say all the right things. Then turned the tables. And said I was a liar and sending him crazy emails that I did not send. And broke me down to feeling like the ugliest, fattest person on earth. How do I stop a sick person like that. Things are quiet now. But I know he will start up agian soon. But he does not quit. Out of the blue I may hear from him agian. If I answer, he says it was not him. Thus slug of a man needs to be stopped. I even tried to call his carrier. Sprint to stop him. They do not care. And the police can't help. I tried that route. If you have a way to stop him. Please, help me!!

The FTC has a blog about technology tips for domestic violence and stalking victims. You might find some useful tips there.

If you're getting repeated calls from the same number, ask your carrier if it can block the number. The carrier might charge a fee for that.

Go to identitytheft.gov to read about what you can do If someone took your personal or financial information and is mis-using it to open new accounts or do other things in your name.

Greetings. Just refrain from keeping any info on or about financial transactions...even leading to any connections or hint to another/other transactions online. Even via phone. I'd prefer transacting with cash.

Not bad advice, but I find it implausible that the hacker would have your cell phone number, which would be required in order for him/her to send you a direct text message informing you that you needed to log into your account.

I just want to thank you (all the individual people) for these informative and helpful alerts.

i need help with my android tablet

I like it so so much

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.