The process of sending a verification code to your cell phone is called 2-step verification. This process is very effective because it prevents someone from gaining access to your account, even if they know your username and password. A lot of email providers have already implemented 2-step verification to help protect their users’ accounts from phishing scams or password-stealing malware such as Trojan horses and spyware.
However, cybercriminals have found a way to bypass this security feature using a text message (SMS) phishing scam. They can only do so if the potential victims allow them, so it is important to remember not to send or respond to an SMS text message with your verification code. If you are asked to send or respond to an email or SMS text message with your verification code, it is a cybercriminal attempting to trick you so that he/she can illegally gain access to and hijack your email account.
Some cyber-criminals may also attempt to call their potential victims and ask them for the verification code, by falsely claiming that they are doing system upgrades, verifying account information, or that there is something wrong with the account. But remember, never give your verification code to anyone. Your email account provider or other legitimate companies will never call or text you asking for your verification code.
How Cyber-criminals Can Gain Access to Their Victims' Email Accounts
The video below will illustrate how cyber-criminals can gain access to their victims’ email accounts using SMS phishing scams. If you are not able to view the video, please see a transcript of the video below.
- the cyber-criminal gets his/her potential victim's email address and cellphone number; the victim may have submitted his/her cellphone number and email address on some phishing or fake website
- the cyber-criminal will then go to the potential victim's email provider website and start the password recovery process for the potential victim’s email account
- the cyber-criminal will enter the potential victim's email address and select the option of sending a verification code to the potential victim's cellphone
- the cyber-criminal will then send a text message or SMS from his/her cellphone to the potential victim's cellphone stating that they are from the potential victim's internet service provider, and persuade the potential victim into sending them the SMS or text message with the verification code
- once the cyber-criminal has the verification code, he/she will use it to reset or change the victim's email account password
- once the cyber-criminal has changed the password, he/she will change the cellphone number associated with the email account; this will prevent the victim from resetting his/her password
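
From the email provider's side, the last steps above leave a recognizable trail: an SMS recovery code is sent, the password is reset, and the recovery phone number is changed shortly afterwards. The following detection sketch is an added example, not part of the original article; the event names, record layout and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema, not any provider's real log format).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "account": "alice@example.com", "event": "recovery_sms_sent"},
    {"ts": "2024-05-01T10:04:00", "account": "alice@example.com", "event": "password_reset"},
    {"ts": "2024-05-01T10:06:00", "account": "alice@example.com", "event": "recovery_phone_changed"},
    # Benign: password recovered by SMS, recovery phone left untouched.
    {"ts": "2024-05-01T11:00:00", "account": "bob@example.com", "event": "recovery_sms_sent"},
    {"ts": "2024-05-01T11:02:00", "account": "bob@example.com", "event": "password_reset"},
    # Benign: phone changed days after the reset, outside the window.
    {"ts": "2024-05-01T12:00:00", "account": "carol@example.com", "event": "recovery_sms_sent"},
    {"ts": "2024-05-01T12:03:00", "account": "carol@example.com", "event": "password_reset"},
    {"ts": "2024-05-04T09:00:00", "account": "carol@example.com", "event": "recovery_phone_changed"},
]

# The order of events described in the steps above.
CHAIN = ("recovery_sms_sent", "password_reset", "recovery_phone_changed")


def find_takeover_chains(events, window=timedelta(minutes=30)):
    """Return (account, start, end) for every account where the full chain
    occurs in order within `window` of the SMS recovery code being sent."""
    progress = {}  # account -> (index of next expected step, chain start time)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct, name = ev["account"], ev["event"]
        step, start = progress.get(acct, (0, None))
        if step > 0 and ts - start > window:
            step, start = 0, None          # chain went stale, forget it
        if name == CHAIN[0]:
            step, start = 1, ts            # a new recovery attempt (re)starts the chain
        elif step > 0 and name == CHAIN[step]:
            step += 1                      # next expected step observed
        if step == len(CHAIN):
            alerts.append((acct, start, ts))
            step, start = 0, None
        progress[acct] = (step, start)
    return alerts


if __name__ == "__main__":
    for acct, start, end in find_takeover_chains(SAMPLE_EVENTS):
        print(f"possible account takeover: {acct} ({start} -> {end})")
```

An alert like this is a reason to delay the phone-number change or notify the old number, since the legitimate owner loses the ability to recover the account once that change goes through.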