

How to hack into an email account, just by knowing your victim's mobile number - Fjolsvith
https://grahamcluley.com/2015/06/hack-email-account-mobile/

======
gesman
Title is overhyped.

"just by knowing your victim's mobile number"

should read:

"just by knowing your victim's mobile number AND having victim stupid enough
to send _YOU_ verification code"

~~~
nunull
Hmm.

"just by knowing your victim's mobile number AND e-mail address AND having
victim stupid enough to send YOU verification code"

------
rip747
All this is is social engineering to trick the victim. This can be done with
_anything_ if the victim is a trusting soul.

------
QuercusMax
The only thing that really makes this novel is that we have become accustomed
to receiving automated texts from random numbers we've never seen before. If
texts had some way of proving identity, this would be much less likely to
work.

~~~
soylentcola
Sure, but I guess I'd never reply unless I specifically had just requested a
pass reset or something similar.

I get that this social engineering trick is like most others and preys on
people who _don 't_ think about what they're typing or replying to, but isn't
that the case with a lot of similar tactics?

If a malicious actor can trick someone into giving out a PIN or a password by
impersonating their email host or bank or whatever, their work is relatively
easy.

------
softdev12
The solution is for the official Google (et al) text to include a message
about the real reason the code was sent, making it clear that the hacker's
first text was malicious.

------
hashberry
Never discount the threat of the human element in hacking.

Kevin Mitnick was a successful hacker due to his skills in social engineering.

Posters may discount this "hack"\--but think about the policies and training--
if any--your company has in place to prevent this type of social engineering.

