How Cyber-criminals can Hijack Your Email Account using SMS Phishing Scam

Do you know that cyber-criminals can gain access to and hijack their victims' email accounts using the victims' email addresses and cell phone numbers? This is a SMS or text message scam used by cybercriminals to trick their potential victims into sending them their email account verification codes. Yes, once cyber-criminals are able to trick their potential victims into sending them their 2-step verification codes (see video below), they (cyber-criminals) will be able to gain access to and hijack their victims' email accounts.

How Cyber-criminals can Hijack Your Email Account using SMS Phishing Scam

The process of sending a verification code to your cell phone is called a 2-step verification process. This process is very effective because it prevents someone from gaining access to your account, even if they know your username and password. A lot of email providers have already implemented the 2-step verification process to help protect their users’ accounts from phishing scams or password stealing malware like Trojan horse and spyware.

But, cybercriminals have found how to bypass this security feature using a text message or SMS phishing scam. But, they can only do so, if the potential victims allow them, so it is important to remember not to send or respond to a SMS text message with your verification code. If you are asked to send or respond to an email or SMS text message with your verification code, it is a cybercriminal attempting to trick you, so he/she can illegally gain access to and hijack your email account.

Some cyber-criminals may also attempt to call their potential victims and ask them for the verification code, by falsely claiming that they doing system upgrades, verifying account information or there is something wrong with your account. But remember, never give your verification code to anyone. Your email account provider or other legitimate companies will never call or text you, asking for your verification code.

How Cyber-criminals Can Gain Access to their Victims' Email Accounts?

The video below will illustrate how cyber-criminals can gain access to their victims’ email accounts using SMS phishing scams. If you are not able to view the video, please see a transcript of the video below.

  • the cyber-criminal get his/her potential victim's email address and cellphone number; the victim may have submitted his/her cellphone and email address on some phishing or fake website
  • the cyber-criminal will then go to the potential victim's email provider website and start the password recovery process for the potential victim’s email account
  • the cyber-criminal will enter the potential victim's email address and select the option of sending a verification code to the potential victim's cellphone
  • the cyber-criminal will then send a text message or SMS from his/her cellphone to the potential victim's cellphone stating that they are from the potential victim's internet service provider, and persuade the potential victim into sending them the SMS or text message with the verification code
  • once the cyber-criminal has the verification code, he/she will use it to reset or change the victim's email account password;
  • once the cyber-criminal has changed the password, they will change the cellphone number associated with the email account; this will prevent the victim from reseting his/her password
Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please do not post or remove sensitive information in or from your comments, questions, or reviews. NB: We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your comment, answer, or review will be set as anonymous because you are not signed in. An anonymous comment, answer, or review cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

How Cyber-criminals can Hijack Your Email Account using SMS Phishing Scam