Security News Hackers Find Clever Way to Bypass Google's Two-Factor Authentication

Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Content source
http://news.softpedia.com/news/hackers-find-clever-way-to-bypass-google-s-two-factor-authentication-505138.shtml
CkJH47gUoAEpZNG.jpg

There's a sneaky new trick going around that can fool some people into divulging their two-factor authentication code to crooks, while thinking they're actually protecting their accounts.

Two-factor authentication, or 2FA, is a second layer of authentication that many online services support, from banks to Google, from Facebook to government agencies.

2FA works by requiring a user to enter a code that he received via SMS on his phone after he logged into a 2FA-protected account. If the user doesn't enter the code in a timely manner, the login is classified as a hacking attempt and the user blocked from accessing the account, even if he entered the correct password. You can see the benefits, right?

Crooks pass as Google, ask users for "verification code"
This past week, Alex MacCaw, co-founder of Clearbit.com, tweeted out the image of an SMS he just received.

An unknown attacker had sent MacCaw an SMS message posing to be from Google. The SMS read as follows:

(Google™ Notification) We recently noticed a suspicious sign-in attempt to [your email] from IP address 136.91.38.203 (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you ill receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.

Basically, the attackers were mentally preparing the victim to receive the 2FA verification code, for their illegal login attempt they were about to carry out.

Read more: Hackers Find Clever Way to Bypass Google's Two-Factor Authentication
 
  • Like
Reactions: omidomi, Rishi, Lucent Warrior and 12 others
done

done

Level 5
Verified
Mar 19, 2015
217
I started to receive to my phone something similar to this. It is regarding bank account.
Reset your bank password......
Thats new trick now sending phishing links to cell phones.
Thx for sharing
 
  • Like
Reactions: Rishi, DardiM, frogboy and 3 others
DardiM

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
New "protection" methods, new hacking tricks, it will never end :(
Thanks for sharing :)
 
  • Like
Reactions: Rishi and frogboy
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Good try but of course you cannot put down those highly experience ones. ;)

Probably few users who do not have supervision may trick with this social engineering.
 
  • Like
Reactions: DardiM, AlphaBeta and Rishi
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Like
    • +Reputation
Security News Threat actors use Tycoon 2FA kits to target MS 365 and Gmail accounts
Replies
3
Views
1,073
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
Security News New phishing attack steals your Instagram backup codes to bypass 2FA
Replies
0
Views
1,131
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Cisco Duo warns third-party data breach exposed SMS MFA logs
Replies
1
Views
1,264
Security News
Practical Response
Practical Response

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top