- Send another text message containing an unlock code to the registered phone.
- The victim receives the code along with a text message that reads something like this: “This is Google. There has been unauthorized activity on your account. Please reply with your verification code.”
- As soon as the victim responds with the verification code, the email address is forfeited, and the attacker can log into the victim’s Gmail account without detection.
This social engineering trick sounds easy, and it requires almost no technical skill to get into anyone’s email account.
Most of us reply to unknown phone calls and messages thinking they are from the company, since receiving messages and phone calls from companies is not uncommon.
Always Be Defensive Against Such Scams
Legitimate messages from password recovery services will only tell you the verification code and will not ask you to respond in any way.
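The rule above can be turned into a simple inbound-SMS triage check. The following is an added example, not code from the original article: the function name, word lists and sample messages are assumptions constructed for illustration, and the heuristic only separates messages that deliver a code from messages that ask for one back.

```python
import re

# Verbs that ask the recipient to send something back (assumed word list).
REPLY_REQUEST = re.compile(
    r"\b(reply|respond|text\s+(us\s+)?back|send\s+(us|back|it)|forward|share|provide)\b",
    re.I)
# The secret being asked for.
CODE_TERM = re.compile(r"\b(code|pin|passcode|otp)\b", re.I)
# Legitimate messages often warn "don't share this code"; a negated
# sentence is a warning, not a request, so it must not be flagged.
NEGATION = re.compile(r"\b(do\s+not|don['’]?t|never|will\s+not|won['’]?t)\b", re.I)
# A delivered code: a 4-8 digit run, optionally with a one-letter prefix.
DELIVERED_CODE = re.compile(r"\b(?:[A-Z]-)?\d{4,8}\b")


def classify(text):
    """Return 'solicits_code', 'delivers_code' or 'other' for one SMS body."""
    # Judge sentence by sentence so a warning in one sentence does not
    # mask a request in another.
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        if (REPLY_REQUEST.search(sentence) and CODE_TERM.search(sentence)
                and not NEGATION.search(sentence)):
            return "solicits_code"
    if DELIVERED_CODE.search(text) and CODE_TERM.search(text):
        return "delivers_code"
    return "other"


# Constructed sample messages; the first is the lure quoted in the article.
SAMPLES = [
    "This is Google. There has been unauthorized activity on your account. "
    "Please reply with your verification code.",
    "G-482913 is your Google verification code. Don't share it with anyone.",
    "Never reply to anyone with your security code.",
    "Your parcel is out for delivery today.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{classify(msg):14} {msg}")
```

A message classified as `solicits_code` matches the pattern described above: it asks for a reply, which a genuine recovery message does not do.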