GMAIL and YouTube users have been warned about a scam that can leave them locked out of their accounts.
The scam comprises cybercriminals promising a fake return on the cryptocurrency XRP to users who reply to their phishing attempt.
1
Phishing is a scam where attackers trick people into revealing sensitive information or downloading malware.
The goal of the scammer is to steal a user’s banking information, identity, or passwords.
Scammers often send phishing attempts over texts, email, or social media messaging.
What’s more, the criminals have even been utilizing deep fake technology to mimic the CEO of Ripple Lab, the company behind XRP, to make their scheme more believable.
Read more on cybercriminals
Deepfakes are created via artificial intelligence to duplicate the voices and faces of unsuspecting victims.
Users are asked to send over XRP and are told they will receive twice that amount back.
This has instead led to their money being lost, and their accounts being compromised.
Users are reporting that the cybercriminals bypassed their two-factor or multi-factor authentication security and then locked them out.
Most read in News Tech
“My Google account got hacked. The hackers changed the password and the phone number and also edited the 2-factor authentication settings,” one person explained on a Google support page.
“I have no way to log in to that account. Now they are hijacking my Youtube channel with over 120,000 Subscribers and they are doing a scam live stream,” they added.
Google adds new Gmail ‘magic AI’ button that writes your emails for you – turn it on to save so much time
GOOGLE’S RESPONSE
A Google spokesperson told Forbes, “There are techniques we use and continuously update to detect and block suspicious access indicating potentially stolen cookies.”
For those users whose accounts have been hacked, the tech giant notes, “Our automated account recovery process allows a user to use their original recovery factors for up to 7 days after it changes.”
The only caveat is that users must have set this up before the incident.
Users ‘not protected’ – the EXPERT view
Speaking to The U.S. Sun, KnowBe4 cybersecurity expert Roger Grimes reveals the sinister truth about how unsafe you really are…
“The sad, unfortunate fact is that over 90% of MFA is as easy to hack or bypass as the passwords they were designed to replace. There are many good forms of MFA that are far less susceptible to social engineering and hacking, and all the major MFA vendors know it, but they are still selling the far weaker stuff…and most consumers see MFA and think they are buying something super protective when it really isn’t.
“This is nothing new. This sort of hacking around and using MFA has been going on since MFA was invented. Unfortunately, the average consumer thinks using MFA will significantly protect them…and some forms do. But, the most popular types that most consumers and sites use don’t. So, you’ve got people thinking they are somehow super protected against hackers when they really aren’t. And that false belief is potentially harmful to their own self interests.
“Most, if not all, the major vendors have had serious problems allowing legitimate owners to recover their accounts once they’ve been seized by hackers, especially if the user didn’t use MFA, but the attacker enables it. I’ve had victims writing me for over a decade complaining how they can’t regain control of their own stolen accounts, and to date, I’ve not had a single person tell me that they’ve been able to get their account back if the attacker enabled MFA. Then, sadly, they learn that all the content and photos they uploaded to the site and felt were “theirs” is gone forever. It’s a hard lesson to learn. I’ve always wondered why vendors don’t make it easier for victims to recover their accounts.”
“For additional protection, we continue to encourage users to take advantage of security tools, like passkeys and Google’s Security Checkup,” the spokesperson added.
HOW TO ENABLE 2FA
To enable 2FA on your Gmail account, open your Google Account.
In the navigation panel, select Security.
Under “How you sign in to Google,” select 2-Step Verification and then tap on Get started.
Follow the on-screen steps.
HOW TO STAY SAFE
There are several steps you can take to mitigate your risk of being a phishing victim.
For starters, it’s important to always keep your devices updated with the latest software.
You should always avoid installing apps from unofficial system stores, and even then, do your research.
READ MORE SUN STORIES
Furthermore, you should never click on any links or open any attachments from strange text messages or emails.
It’s also important to install an antivirus on your device so it can scan for any malware.
