Fell for phishing scam. Is my gmail account with 2-step verification vulnerable?
I can't believe it happened to me but I entered Gmail account's user-name and password into a website as part of a phishing scam. I use Gmail's 2-step verification and have changed my password. Is my Gmail account safe?
I got an email from a friend suggesting I download a document. We frequently exchange articles but I was suspicious so I emailed him back asking if he had sent me the first email.
He responded that he had and, dumb me, mentioning no specific details suggested I would think it was great. "How could a phishing scam respond like that?" I thought. I clicked the link, entered my Gmail username and password on my phone but couldn't access the "article."
I then logged into my Gmail (using 2-step verification) on one of the computers at work (a hospital with old Netscape browsers behind hospital network firewall) and opened the email and clicked the link. I typed in my Gmail username and password again (but no authenticator Google 2nd step access code because I wasn't prompted.)
Still unable to access the "document," I moved my friend's email into my Gmail account's "Follow-up with" folder thinking I would try later at home with a modern browser.
I hadn't yet followed up when this morning I got an email from my friend explaining that his yahoo account had been hacked from Korea and that it was even generating automated responses. He added, "Don't click on any links!"
I immediately changed my account's password (about 17 hours after entering my info into the scam's site) but even if I didn't, those baddies don't have access to my phone and it's authenticator app so couldn't access my email, right?
Anyone have any thoughts?
