Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers. The trick is as simple as it sounds: if you want to reset someone’s email account password, all you actually need is their mobile number. The scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. As soon as victim responds with the verification code, the email address is forfeited, and the attacker can log into victim’s Gmail account without detection.
Source: https://thehackernews.com/2015/06/how-to-hack-email-account.html