Fake technical support
Symantec reports on their website that the type of scam described above has now evolved to fool victims into calling the attackers directly. This is done via pop-up error alerts that steer the victim to a phone number where a “tech support rep” attempts to sell worthless services. The alerts are caused by a malicious programme on the computer, which frequently comes bundled with “freeware” the victim downloaded. Symantec reports that they have already blocked 100 million of these types of attacks.
Gmail scam
Two-step verification is not a guaranteed protection method. In the Gmail scam, the attacker obtains a victim’s e-mail address and phone number. Posing as the victim, he/she then requests a password reset from Google. Most Gmail users have a security measure set up to receive PIN codes on their phones. Google thus sends the code that enables the password reset to the victim’s phone. The attacker, meanwhile, texts the victim with a message along the lines of: “Google has detected unusual activity on your account. Please respond with the code sent to your phone to stop unauthorised activity.” Believing this message, the victim sends the received code to the attacker, who uses it to reset the password, enabling him/her to access the data or set up forwarding. The attacker then informs the victim (still posing as Google) of the new temporary password assigned, allowing the victim to take back control of the account without ever suspecting the breach.