We have all heard of phishing attacks, but there is a newer kind of social engineering that uses the mobile phone to trick the victim in a very easy and effective way.
A video from Symantec explains a social engineering technique that attackers use to compromise an e-mail account.
The idea is simple: if you want to reset someone's password, all you really need is their mobile phone number.
The anatomy of the attack shown in the video is quite simple, but it is surprisingly effective:
The attacker texts the victim from an unknown number, warning them that they are about to receive a code to make sure their Google account is safe, and asking them to reply with that code to confirm it.
The attacker then starts the Gmail password reset process for the victim's account, which makes Google send an SMS containing a verification code to the victim's phone.
The victim receives the code they were just told to expect and sends it back to the attacker.
The attacker enters the code, resets the password and takes over the Gmail account without any further obstacle.
The video presents a concept that would probably be quite effective against a great many mobile phone owners.
Many, if not most, would probably reply to an unknown number simply assuming that it really is the company.
The same trick could also be used against services that protect logins with two-factor authentication: it is worth noting that when SMS verification is set up, Google delivers the login code by SMS as well, and that code can be phished in exactly the same way.
The problem with this kind of attack is that there is nothing technical to patch: the code is sent by the legitimate service, and the victim hands it over voluntarily. The only protective measure is to educate users, which reduces the risk of falling into such traps.
So if at some point you receive a message from any number asking for your password, a confirmation code or any other personal information, do not answer.
No legitimate service has a reason to ask you for this (or any other) information via SMS: a real verification code arrives in a message that asks you for nothing.
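The rule above, and the message flow from the attack steps, can be turned into a simple inbound-SMS check. The following is an added example written for this page, not code from Symantec or from the video: it models the two messages of the attack (the attacker's request and the real reset code) as constructed sample SMS, plus two unrelated messages, and flags any message that asks the recipient to send back a code, PIN or password. The sender numbers, the wording and the assumed shape of the one-time code (an optional "G-" prefix and six digits) are all assumptions made up for the example.

```python
import re

# Verbs that ask the recipient to hand something over, followed within the same
# sentence by the thing a legitimate service never asks for over SMS.
SOLICITATION = re.compile(
    r"\b(reply|respond|send|text|forward|give)\b[^.!?]{0,60}"
    r"\b(code|pin|password|verification)\b",
    re.IGNORECASE,
)

# A one-time code in the shape these messages typically carry: an optional
# "G-" prefix and six digits. The shape is an assumption for this example,
# not a specification of Google's actual SMS format.
OTP_CODE = re.compile(r"\b(?:G-)?\d{6}\b")


def classify_sms(text: str) -> str:
    """Classify one inbound SMS as 'solicitation', 'code_delivery' or 'other'.

    The rule from the article: any message that asks you to reply with a
    code, PIN or password is a solicitation, whoever it claims to be from.
    A real reset or login code arrives in a message that asks for nothing,
    so the request to send the code is the tell, not the sender number or
    the branding in the text.
    """
    if SOLICITATION.search(text):
        return "solicitation"
    if OTP_CODE.search(text):
        return "code_delivery"
    return "other"


# Constructed message flow reproducing the attack described above. The phone
# numbers and wording are made up for the example; the first message comes
# from the attacker, the second from the real service.
ATTACK_FLOW = [
    ("+15550001111", "Google Security: you will shortly receive a verification "
                     "code to keep your account safe. Reply with the code to confirm it."),
    ("Google",       "G-482913 is your Google verification code."),
]

# Unrelated constructed traffic to show the heuristic does not flag everything.
OTHER_SMS = [
    ("+15550002222", "Your parcel is ready. Text YES to schedule delivery."),
    ("+15550003333", "Security alert: forward this PIN to our agent to verify "
                     "your identity: 2291"),
]


def triage(messages):
    """Return (sender, verdict) for each message and the senders to refuse.

    'refuse' lists every sender whose message is a solicitation: the
    recipient should never reply to those with a code, whatever the
    message claims about who sent it.
    """
    verdicts = [(sender, classify_sms(text)) for sender, text in messages]
    refuse = [sender for sender, verdict in verdicts if verdict == "solicitation"]
    return verdicts, refuse


if __name__ == "__main__":
    for sender, verdict in triage(ATTACK_FLOW + OTHER_SMS)[0]:
        print(f"{sender:>14}  {verdict}")
```

Run as is, it marks the attacker's first message as a solicitation and the genuine code as a code delivery, which is the distinction the victim in the video failed to make: the legitimate message contains the code and asks for nothing, while the only message asking for the code is the one from the unknown number.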