Bill Hartzer

Scammers Using Craigslist to Gain Access to Google Accounts

By Bill Hartzer, February 7, 2020 at 9:22am CST.

Scammers are using Craigslist ads to try to gain access to your Google Account. When the victim places an ad on Craigslist, they respond, asking to call them. Once they have the phone number of the victim, they ask the victim for the Google code that they have Google send them, and they’re then able to access the Google account.

The user HandwovenBox posted about this scam on Reddit.

Here is how the Craigslist Google account scam typically works:

There are people out there that unfortunately fall for this scam to get access to the victim’s Google account.

The scammer has no intention of buying what the victim is selling on Craigslist, they only want to get access to the victim’s Google Account.

Google account access is, in fact, highly valuable to scammers because there oftentimes can be so many things attached to a Google Account. For example, Google Pay is attached to a Google Account, as well as email, Google Voice, Google Drive, Google My Business, as well as Google Ads.

Review Your Google Account

There are several things you can do to secure your Google Account. Obviously you need to protect your password, and change it on a regular basis. I would regularly visit Google’s account security page to review the devices and apps that have access to your Google Account. You do need to turn on two-factor authentication, which essentially means that when you access your Google Account from an unknown device (or a new device) then Google will send you a code (the code that the scammer above wanted to receive from the victim). That’s not enough, though, to fully protect your account. I recommend that you also set up Google Advanced Protection.

Google Advanced Protection

Google Advanced Protection is an extra layer of protection to help secure your Google Account. Google sends you two physical “keys” that must be used in order to access the account. When you log in through a new or untrusted device, you’ll be asked to use one of the keys to verify that it’s you trying to access the account. There is a bluetooth key and a USB/MFC type of key that you’ll get. I wrote about my experience setting up Google Advanced Protection, and wrote about the other benefits of using it.

Exit mobile version