Here is how this phishing scam works. The victim receives a text asking whether they’ve requested a password reset for their Gmail account – and, if not, to reply with the word ‘STOP’.
Employees who have not received any new-school security awareness training are likely to fall for this social engineering tactic and respond with ‘STOP’. Next, they are urged to send the 6-digit numerical code in order to prevent the password from being changed.
Of course, what is really happening is that the scammer has requested a password change on the victim’s account. That request sends a code to the real account owner to verify that they actually want the password changed. By sending that code back to the attacker, you’re enabling the bad guys to complete the password change, and now they have access to the account and all the email.
Please remain mindful that every day someone is attempting to gain access to your data and coming up with new creative ways to get it. If you ever suspect something phishy, do not hesitate to get in contact with us.