Khaberni - Gmail users' accounts are subjected to scam attempts targeting the theft of passwords and personal information using fake text messages and emails.
The operation starts with a text message that appears to be sent from "Google's Gmail", warning recipients of a potential account breach. The message includes a link titled "Recover Account", and clicking on it prompts the user to enter their Gmail password, which is then immediately stolen by the scammers.
In some cases, the attackers compile the stolen information with personal data such as phone numbers, then use social engineering tactics to convince telecommunications companies to transfer the number to a SIM card under their control. This allows them to access two-factor authentication codes sent via text message (temporary short codes sent to your registered phone number when attempting to log into your account).
Victims reported that the messages look very official, often referring to "previous login attempts" from foreign IP addresses (Internet Protocol addresses). Despite raising suspicions, this is often part of a phishing tactic.
Once the user enters their credentials, the scammers can access Gmail accounts, and if the same password is used on other sites, those accounts are also at risk.
Recommended Protection Steps
Cybersecurity experts recommend following several immediate steps to protect accounts:
1. Change your Google account password and use a strong, unique password for each account.
2. Activate two-factor authentication (2FA) using an authentication app or a physical security key, rather than text messages if possible.
3. Update all other accounts using the same password. A password manager can be used to store unique and strong passwords for each account.
4. Enhance phone number protection through your service provider, using options like Personal Identification Numbers (PIN) for SIM cards, account passwords, and freezing or locking the number to prevent the number from being transferred to another SIM.
5. Activate login alerts to monitor suspicious activity.
