This voice authentication scam from Google can empty your bank accounts in minutes
In its latest security alert, the Federal Bureau of Investigation (FBI) warns U.S. citizens that those who have shared their phone numbers online could be affected by a Google Voice authentication scam. According to the Agency, search for active phone numbers in all possible sources, including social networks, sales platforms and job boards.
Google Voice is a telecommunications service from Google launched on March 11, 2009, after acquiring the GrandCentral service. By October 2009, Google Voice had approximately 1.4 million users, of which 570,000 used the service 7 days a week.
In cases of a successful attack, threat actors will set up a Google Voice account in the name of the affected users, in addition to trying to take control of their Gmail accounts. For this, hackers contact users posing as customers, salespeople or recruiters and requesting that they verify their identity by sending an authentication code.
With these simple steps, hackers will try to set up a Google Voice account in the name of the legitimate user, so that they could access their online platforms are required to interact further with the user, thus deploying subsequent malicious campaigns.
Faced with this situation, the FBI recommends that affected users consult Google’s support website to find a remedy and regain control of their account, in addition to disabling the Google Voice account if necessary. The authorities also issued a series of recommendations to prevent this attack:
- Do not share Google verification codes with others under any circumstances
- For online sellers, it is best to always deal with potential buyers in person. If you need to make any electronic transactions, be sure to use legitimate payment processors
- Never share your email address to buyers or sellers doing business over the phone
The campaign is still active, so potential victims are advised to remain alert to possible actions by hackers.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
Originally published at https://www.securitynewspaper.com on January 6, 2022.