Go Back   DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts > World News/Sport/Weather > Piracy/Warez/Legal/Hackers/Scams & Internet News

Piracy/Warez/Legal/Hackers/Scams & Internet News Anything Related to Piracy, Warez, Legal Matters, Hackers, Internet News & Scams and How it Affects Sites/Members Can Be Read Here. Please do NOT post links to other Sites, but you May Name Them if They are Scam Sites

IMPORTANT ANNOUNCEMENT
Hallo to All Members. As you can see we regularly Upgrade our Servers, (Sorry for any Downtime during this). We also have added more Forums to help you with many things and for you to enjoy. We now need you to help us to keep this site up and running. This site works at a loss every month and we appeal to you to donate what you can. If you would like to help us, then please just send a message to any Member of Staff for info on how to do this,,,, & Thank You for Being Members of this site.
Post New ThreadReply
 
LinkBack Thread Tools Display Modes
Old 30-06-15, 02:36   #1
Official Site Uploader & TECH ADVISOR
 
Join Date: Aug 2013
Location: Australia
Posts: 7,172
Thanks: 212
Thanked 2,673 Times in 2,022 Posts
jenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond repute

Awards Showcase
Bronze Medal Gold Medal Gold Medal Gold Medal 
Total Awards: 4

Default Webmail password reset scam

Webmail password reset scam

Webmail password reset scam lays the groundwork for serious aggro
19 Jun 2015 at 15:09, John Leyden

Symantec has warned about a new password recovery scam that tricks users into handing over webmail account access, possibly setting the stage for more serious security issues.

Crooks behind the social engineering ruse need only knowledge of a prospective mark’s email address and associated mobile phone number before attempting the con.

Users of webmail services including Gmail, Outlook and Yahoo! are all potentially at risk. Phase one of the scam starts when a fraudster poses as a victim and requests a password reset, selecting the option of sending an account rescue verification code to a victim’s mobile phone.

Crooks don’t have access to this phone. What comes next is the sneaky part.

Fraudsters approach the victim with a text message, supposedly from Google or their webmail provider, requesting the six-digit account rescue verification code they’ll have just received as “confirmation”.

If the victim replies with the verification code, then the crooks are then free to seize control of the account. Hijacking is the most obvious risk, but crooks could be more subtle.

They could automatically configuring the forwarding of emails to accounts under their control, for example.

These emails will be forwarded even after a victim regains control of his or her account and changes passwords. Fraudsters are interested in personal email addresses, not so much as an end in themselves, but because webmail addresses are tied to social media and online banking accounts. So one successful password reset scam lays the groundwork for further password reset fraud.

Symantec has put together a blog post and video to illustrate the scam – which is apparently doing the rounds.

It’s easy to imagine people getting taken in by this kind of ruse. And the solution is not to avoid registering mobile phone number with webmail providers, since the process by itself offers security benefits because it underpins two-factor authentication options within, for example, Gmail.

“The simplest advice is to be suspicious of SMS messages that ask you to text back a verification code, in particular if you did not request a verification code in the first place,” said security veteran Graham Cluley in a blog post.

More info here:
http://www.theregister.co.uk/2015/06/19/webmail_password_recovery_scam/
jenkins4 is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Reply With Quote
Post New ThreadReply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
SEO by vBSEO 3.5.2
Designed by: vBSkinworks