Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Google Voice. Show all posts

You Might Be A Victim Of Google Voice Scam, Here's How To Protect Your Account

 

According to the FBI, Americans sharing their contact numbers online are attacked by Google Voice authentication scams. FBI explains that scammers are targeting users who have posted their phone numbers as a form of contact while trying to sell their products or services on online market platforms and social media. 

"Recently, we have also been getting reports of people who are getting targeted in other locations, including sites where you post about lost pets," reports FBI. 

Once successful, scammers set up a Google voice account in their victims' name or hack the target's Gmail accounts. Scammers use these hijacked emails later for other malicious campaigns or phishing attacks. 

The scammers contact their targets using text messages or emails that show their interest in items up for selling, the scammer then asks the seller to verify themselves by providing an authentication code from Google. FBI says "what he is really doing is setting up a Google Voice account in your name using your real phone number as verification."

After the Google Voice account is set up, scammers can easily launch other attacks, these attacks can't be retracted back to their origin. An attacker can also use these codes to penetrate and take control of a victim's Gmail account. 

How to protect yourself? 

If you have suffered a Google Voice authentication scam, the FBI suggests visiting Google's support website for assistance on how to get back your Google Voice account and retake your Voice number. 
  • You can also follow these tips suggested by the FBI:  ‌
  • Never share your Google verification code with anyone.  ‌
  • Only deal with buyers or customers in person. Use verified payment platforms for money transfer. ‌Avoid sharing your email Ids to buyers/sellers doing business on phone. 
  • Don't rush yourself into a sale. Your buyer may pressure you to respond, keep patience, don't get manipulated. 
If you suspect you have fallen victim to these online scams, you can report the incident to the FBI's Internet Crime Complaint Center, or call their local FBI office. 

"If your linked number gets claimed, that means you or someone else is using that number with another Voice account. If you still own the linked number, you can add it back to the Voice account where you want to use it," says the Google support website.

Google Voice Disruption Caused by Expired TLS Certificates

 

Google has affirmed that a Google Voice malfunction that had impacted the majority of telephone service users this month was triggered, in an incident report released on Friday, by expired TLS certificates. It stopped most of Google Voice users from signing into their accounts and allowing more than four hours of use of the app between 15 February and 16 February 2021. 

Google Voice is a Google voicemail service that allows users to send free texts, personalize the voicemail, read text transcripts for voicemail, and much more. The voicemail service of Google, which previously required a Google Voice invitation code for installation, is now free of charge available for all Gmail users. 

The incident report states that, "Google Voice users experienced an issue in which some new inbound or outbound Voice over Internet Protocol (VoIP) calls failed to connect, for a total duration of 4hours 22 minutes." 

In order to manage phone calls over the Internet protocol, Google Voice uses the Initiation Session Protocol (SIP). Google Voice consumer devices aim at ensuring a continuous SIP link with Google Voice services during routine operation. The customer tries to regain contact automatically after a link fails. Transport Layer Security (TLS) certificates are also rotated periodically to ensure that all Google Voice traffic is protected and linked. 

"Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue," Google explained. "During the impact period, any clients attempting to establish or re-establish a SIP connection were unable to do so." 

Users could not access the Google Voice platform to make or accept VoIP calls following the breakdown of expired certificates. However, consumer systems with an active SIP connection were not impacted during the outage before this incident (as long as the connection was not interrupted). The technical team concluded after the analysis that the root cause was certificate configuration. The team has developed and initiated an emergency roll-out of modified credentials and configuration information to interfaces. After mitigation was enforced, the functionality of Google Voice SIP customers restored retrieval of their connections.

Publishing the incident report, the Google Workspace Team stated the steps taken by the engineers. They insisted on, setting additional constructive warnings for credential expiry incidents to come, and set up additional reactive warnings in Google Voice frontend applications for TLS errors. Alongside, enhance automatic credential rotation tooling and changes to set up and to allow the quick rollout of configuration improvements, utilizing more portable facilities. Developing emergency roll-out testing and practice examples with Google Voice interface applications and settings.

Google is committed to improving our technology and operations efficiently and consistently to avoid service disruptions. They said that “We thank your patience and excuse your company for any effects. For your company, we appreciate you.”