Iranian hackers are bypassing Google's extra secure, two-step verification to get into your Gmail account, so they can take it over. These hackers are sophisticated, so you need to know about this.
These hackers attack your Gmail account in one of two ways. The first is with a text message that looks like it's from Google. It'll say someone has tried to access to your Gmail account, so you need to reset your password.
No worries, right? Gmail will need you a second piece of information, a code they'll typically send in a text message. A hacker who doesn't have your cellphone would have no way of getting that code. Which is the point of two-step verification.
Except, these Iranian hackers are smarter than that. The text message directs you to an email, which links to a bogus Google password reset page. It's live, so these hackers are watching as you input your password. They use that password to trigger Google to send you a security code, which they also see you input. From there, they take control of your Gmail.
There's a second way these hackers are gaining control of Gmail accounts. It's another phishing scam that starts with a phone call. You should be suspicious if anyone calls you with a money-making opportunity. If you take the bait, they'll send you an email, directing you to that same bogus Google website. They'll have you input your Gmail password and Google's security code. Be careful.
But, there's one piece of good news here. So far, these hackers seem to be hacking only the Gmail accounts of people who oppose them for their political or religious points of view.