Tuesday, August 20, 2013

Mobile scam claiming GMail is compromised reported today on local TV station

Liz Crenshaw of NBC Washington (NBC4) is reporting today about a mobile phone virus or worm that flashes to users a message (apparently an MMS or SMS text) that their Google GMail has been compromised, and which then attempts to solicit personal information.

This is a hoax or scam, and should not be responded to. Links in the text should not be reported.  Users can report incidents to their carriers or the FTC.

Off hand, it would sound as if such a scheme could compromise "2-step verification" to Google accounts, which depend on a cell phone.  But users can download an app to generate the verificaion codes and not depend on the text being sent -- suddenly, that method sounds more secure.  Or users can also use special codes that can be saved on a file and used when a cell phone is not available.

Other providers, such as banks and other social media (like Facebook), are likely to adopt such verification methods in the future.  There might need to be common vendors for the code generating apps.
Google accounts started offering 2-step verification about three years ago after password cracking attacks (for international scams trying to get money from relatives for people falsely reported as arrested overseas) made the news.   

No comments: