Category
UncategorizedJoin thousands of security professionals who receive Craig Peterson's Insider Show Notes and cybersecurity updates.
One fake Google text can lock you out of your entire digital life. Here's what to do about it.
You get a text that looks like it's from Google: "Your Gmail was accessed from Venezuela. Click here to recover your account." The page looks exactly like Google's real login. You type in your password. That's it. Scammers have everything they need to transfer your phone number to their device, lock you out of your bank accounts, and drain your retirement savings. This is happening right now. The folks who can't rebuild what's stolen? Retirees on fixed incomes.
The scam starts with a text message that looks legitimate. It appears to come from Google, Microsoft, your bank, or another company you trust. The message says something urgent: "Your account was accessed from Venezuela" or "Suspicious activity detected."
There's a link. "Recover Account" or "Secure Your Account Now." You click it. You land on a page that looks exactly like the real thing. Same colors, same logo, same layout. You type in your email and password.
You just gave criminals your login.
Minutes later, they call your cell phone provider. They impersonate you. They provide some basic information they found online (your name, address, maybe the last four of your Social Security from an old data breach). They request a SIM card transfer. Your phone number moves to a SIM card they control.
Once they have your phone number: Every password reset code from your bank, Social Security account, Medicare portal, brokerage, and email goes to their phone. Not yours. They reset passwords. Change security settings. Lock you out of accounts you've had for decades. All while draining what they can access.
I've been in cybersecurity for 50 years. I present to FBI InfraGard. My clients have a perfect track record against ransomware. And my own father still fell for a phishing email.
Tuesday afternoon. Email that looked like it came from his bank. Problem with his account. Click here to verify. He clicked. Entered his credentials.
My stepmother noticed a remote access program running on his computer. Called me immediately. I connected remotely and found scammers actively searching his hard drive for financial documents. They were looking for a spreadsheet he kept with all his bank account numbers and passwords.
We caught them before they found it. We were lucky.
That's when I built ForwardToSafety. I asked myself: What would I build if the person I was protecting was my father? Simple answer: a service where you forward a suspicious email and get a plain-English verdict in under a minute. Safe, Suspicious, or Dangerous. No jargon. No software. Just forward the email to [email protected] and know for sure.
Messages claiming your Gmail, Microsoft account, bank, or Social Security was accessed from another location. They often include specific cities or countries (Venezuela, Russia, China) to create urgency.
Your phone suddenly shows "No Service" or "SOS Only." Restarting doesn't fix it. Someone may be transferring your number right now. Call your provider immediately from another phone.
Any text with a link you weren't expecting is suspect, even if it looks like a company you do business with. Banks and tech companies don't send account security links via text.
If you start getting password reset codes or notifications for accounts you didn't try to access, someone may already have some of your credentials and is testing what they can get into.
Call your cell phone provider today. Tell them you want a SIM PIN or SIM lock on your account. This creates a separate PIN required before anyone can transfer your phone number to another SIM card.
What each provider calls it:
Enable 2FA for Gmail, bank accounts, Social Security, and any other financial accounts. But here's the part that matters: use an authenticator app, not text messages, whenever possible.
If someone swaps your SIM, they get your text messages. Authenticator apps like Google Authenticator or Microsoft Authenticator generate codes on your physical device. Scammers can't intercept those.
If you get a text about account security, suspicious activity, anything urgent, don't click the link. Open your browser. Type the company's website yourself. Log in through the official site or app. If there's really a problem, you'll see it there.
Even better: Forward suspicious texts and emails to [email protected]. Get a verdict in 47 seconds. Safe, Suspicious, or Dangerous. No guessing.
Your phone shows "No Service" and you can't make calls or receive texts:
Got a suspicious email or text sitting in your inbox? Don't guess. Forward it to [email protected] and get a plain-English verdict in under a minute.
No signup. No app. No technical knowledge required. Just forward and know.
Your retirement savings, Social Security, bank accounts. All one text message away from being compromised. You spent decades building that security. Don't let a 30-second scam text destroy it. Add a SIM PIN today. Turn on two-factor authentication. And never click links in text messages you weren't expecting. Five minutes of prevention beats months trying to recover what's been stolen.
#SIMSwapping #PhishingScam #TextScam #RetirementSecurity #CyberSecurity #ProtectYourSavings #SeniorSafety
Want weekly tech and security insights that protect your retirement? Sign up for my Insider Notes Newsletter at CraigPeterson.com.
No hype. No jargon. Just practical guidance.
Join 10,000+ cybersecurity professionals