I've been getting a lot of spam calls claiming to be from 'Google', and I usually spend about 15 minutes playing along with them. They always ask me to open my YouTube app and hit the 'yes, it's me' prompt, which I never do. My main concern is whether they can actually trigger that prompt without having my password. Does this mean they might have used my password to access my account, or is that prompt more of an alternative verification method? I recently changed my password, so I'm hoping I'm safe, but I'm just curious about it.
1 Answer
Yes, if they're asking you to confirm a login on your YouTube app, they might have your login token or session key. However, if you've recently changed your password to a completely new one, that’s a good sign that your account is likely secure. It's crucial not to click on any prompts or give out information during those spam calls because they often try to trick you into providing access.
That's true! I’ve heard of session token hijacking too. It could allow them to prompt those confirmations without needing your actual password. Just a reminder to enable two-factor authentication for extra security!