Recently, the Federal Bureau of Investigation released a report on how criminals are using a Google form of this type of telephone verification system to take over a victim’s gmail account and set up fraudulent Google Voice accounts in their victim’s names and phone numbers.
According to the FBI press release, the scammers target people who post things in online marketplaces, such as a couch for sale or reward for a lost dog (Fluffy).
“The scammer contacts you via text or email. He is really interested in buying that couch or thinks he found Fluffy. He says he just needs to make sure you are legitimate so he doesn’t get scammed. He says he will send you an authentication code from Google to confirm that you are a real person and not a bot. You will receive that authentication code in the form of a voice call or a text message. He asks you to repeat that number to him.
What he is really doing is setting up a Google Voice account in your name using your real phone number as verification. Once set up, he can use that Google Voice account to conduct any number of scams against other victims that won’t come back directly to him. He can also use that code to gain access to, and take over, your Gmail account.”
Google Voice allows users to set up a virtual phone number to use for calls and texts. But in this hack, the victim doesn’t need to have a Google Voice account to fall victim. The FBI offers this advice:
- Watch out for warning signs. Most scammers use a sense of urgency to pressure you into making a snap decision. Pause ask yourself why you’re feeling this way and who’s behind it.
- Don’t share your Google Verification code with others.
- Don’t give your email address to anyone reaching you on the phone.
And perhaps the best advice I can offer is don’t use the same password for all your different online accounts.