Beware this simple “social engineering” trick that might let others break into your email

Ever forgot your password to an email account, or log in from a new computer? Chances are that you then had the provider send a verification code to your smartphone to authenticate your identity with your email service.

It is a common and convenient way to get access to your stuff. One possible vulnerability exists though if someone knows your phone number and email address. Then, all it takes is catching someone off guard, some clever texting, and the email account can be compromised.

All the phishing person needs to do is initiate a verification code process with your email provider, having the service send a text message to the victim’s phone with the code. Then, from an unknown number, immediately follow-up with an innocuous, but timely message about unauthorized activity and to reply with the authorization code.

While we think this looks too suspicious, all it takes is to be caught in the middle of doing something else, or taken off guard, and anyone could reply with the code. Once that is done, the phishing perpetrator has all they need to get access to your email and lock you out for a bit.

Symantec has a handy illustration of the process and some tips, without being a glaring ad for its own products. As much as we like to give attention to elaborate hacks of big blocks of data, often some of the most effective digital security comes from maintaining the basics.



via: TNW