The latest scam allows cyber-criminals to gain access to email accounts by getting users to send them password recovery codes via text message.
The cyber-criminal attempting to illegally access the targets email account just needs the targets email address and mobile number. The cyber-criminal prompts the email provider to send the text message containing a login code to reset a password.
The cyber-criminals follows it up with a text message to the target, using language imitating the email provider informs the target that suspicious activity has been detected and to send the unlock code. If the account owner responds with the 6 digit code, the cyber-criminal can now gain access to the users email account.
This Symantec blog post goes into more detail about the method.