A simple yet ingenious scam is being used by scammers to compromise accounts of Gmail, Outlook and Yahoo Mail users, Symantec researcher Slawomir Grzonkowski warns.
"To pull off the attack, the bad guys need to know the target’s email address and mobile number; however, these can be obtained without much effort," he explains.
"The attackers make use of the password recovery feature offered by many email providers, which helps users who have forgotten their passwords gain access to their accounts by, among other options, having a verification code sent to their mobile phone."
Once the verification code is sent to the legitimate user's mobile phone, it's followed by a message by the scammer, saying something like: "Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity."