Text message claims that the recipient’s Google account has been hacked and he or she needs to reply with a specified code word to receive a call to verify and reactivate the account.
The message is not from Google and the claim that the user’s account has been hacked is untrue. The message might be a ruse to collate a list of likely targets for future spam and scam campaigns. Or it might be an attempt to trick users into supplying sensitive personal information or subscribing to premium rate SMS services. The exact motivation of the perpetrators remains elusive, but is certainly nefarious. If you receive one of these text messages, do not reply.
Google user #56767: your account has been hacked. Text back “SEND CODE” When you are ready to receive your reactivate number.
Gmail ID# 57277:
Your account has been hacked. We need to call
You to verify your account. Text back with
“READY” when you are ready to receive this call
Google Message #97584: Your Gmail has been compromised by hackers. We need to call to verify your identity. Reply to this message with ‘READY’ when you are ready to recieve the call.
Since at least March 2013, numerous mobile phone users around the world have reported receiving strange text messages claiming that their Google account has been hacked. The messages claim that Google must call recipients to verify their identity and reactivate the compromised account. Recipients of the text are instructed to reply with a code word when they are ready to receive the verification call.
However, the text message is certainly not from Google and the claim that the recipient’s Google account has been hacked is a lie.
The obvious intention of the messages is to trick users into responding. But, the exact motivation of those responsible for the spam messages remains unclear.
ThreatTrack Security Labs investigated the spam messages in June 2013 and found that those who reply receive a message containing a “verification code”. They later receive a call with a pre-recorded message asking them to enter the verification code. After entering the code, users are told that their voicemail is ready to be set up. The ThreatTrack article notes:
What exactly is taking place here? Is it a long winded way to sign people up to premium rate SMS services? A phish gone horribly wrong? The worst promotion for a new voicemail service ever? Nobody seems to be entirely sure.
The ruse might also be an elaborate attempt to identify users who are likely to fall for future spam or scam campaigns. Those who reply are showing that they are susceptible to such tricks and are willing to follow instructions. They are therefore prime targets for future attacks. A list containing the phone numbers of such “primed” potential victims would be considered very valuable to scammers and spammers. Thus, the goal of those responsible for these spam messages might be to collate a list of potential victims that they can later sell to other criminals.
But, whatever the motivation, it is clear that those responsible have dishonest intentions. If you receive one of these messages just delete it. Do not reply.
And, if receiving one of the messages has raised your concern about the integrity of your Google account, you might want to enable Google’s 2-step verification system.