Google Voice, a service where Google provides you a virtual phone number so you can make and receive calls and texts, is being used in a new scam. Even if you don’t use Google Voice, this scam may impact you.
According to a new FBI advisory entitled “Building a Digital Defense Against Google Voice Authentication Scams,” the scam involves a threat actor responding to a personal ad (Let’s say you are selling a couch on Craigslist). The scammer wants to send you an authentication code, to confirm that you are legit.
What’s really happening is the scammer is setting up Google Voice using your phone number as the primary number, and using you to assist them with Google’s authentication process during setup. Once completed, the threat actor has a new Google Voice account tied to your mobile phone, so they can carry on without worrying about having it tied to their own phone. Additionally, the code being sent could be purposed to allow them access to reset the password on your Gmail account.
Organizations relying on Gmail for their corporate email should be specifically concerned about the ramifications of such a scam; with access to one of your internal email accounts, threat actors can easily spray out phishing emails designed to provide endpoint access or install ransomware.
Everyone in your organization should be educated about this and other similar scams. Through repeated exposure to phishing and scam scenarios, employees build a toolbox against attacks like these, spotting them instantly, and reducing your organization’s risk of a successful attack. To take preventative steps and implement ongoing Security Awareness Training at your organization, contact Radiant Resources today.