Jump to content
Login new information ×
Login new information

Hackers Find Clever Way to Bypass Google's Two-Factor Authentication

vissha

By vissha
in Security & Privacy News

Recommended Posts

vissha

vissha

Posted
Posted

Hackers Find Clever Way to Bypass Google's Two-Factor Authentication

 

hackers-find-clever-way-to-bypass-google

 

Attackers take social engineering to a totally new level

 

Quote

There's a sneaky new trick going around that can fool some people into divulging their two-factor authentication code to crooks, while thinking they're actually protecting their accounts.

 

Two-factor authentication, or 2FA, is a second layer of authentication that many online services support, from banks to Google, from Facebook to government agencies.

 

2FA works by requiring a user to enter a code that he received via SMS on his phone after he logged into a 2FA-protected account. If the user doesn't enter the code in a timely manner, the login is classified as a hacking attempt and the user blocked from accessing the account, even if he entered the correct password. You can see the benefits, right?

 

Crooks pass as Google, ask users for "verification code"

 

This past week, Alex MacCaw, co-founder of Clearbit.com, tweeted out the image of an SMS he just received.

 

An unknown attacker had sent MacCaw an SMS message posing to be from Google. The SMS read as follows:

 

Quote

“  (Google™ Notification) We recently noticed a suspicious sign-in attempt to [email protected] from IP address 136.91.38.203 (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you ill receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.  ”

 

Basically, the attackers were mentally preparing the victim to receive the 2FA verification code, for their illegal login attempt they were about to carry out.

 

The crooks were going to access MacCaw's account, and when his 2FA system would kick in, MacCaw would act to lock his account by sending the "verification code to Google." In fact, MacCaw would be sending the 2FA code to the crook, who would then enter it in the login page and access his account, with his cooperation.

 

Fortunately, MacCaw recognized their tactics and didn't fall for this new type of social engineering trick.

 

Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC — Alex MacCaw (@maccaw) June 4, 2016

 

Source

Link to comment
Share on other sites
  • Replies 5
  • Views 1.3k
  • Created
  • Last Reply
mona

mona

Posted
Posted

Thanks for the precaution.

Oh gosh !  It's really easy to be fooled this way,    :eek:   :angry:  :s

 

BTW

More about Two-factor authentication (2FA) you gonna find here.

Link to comment
Share on other sites
mona

mona

Posted
Posted
11 minutes ago, humble3d said:

Dear Mona... Just who is that beautiful avatar ?  :huh:

 

:D :) :D   Thank you, thank you.... I'm glad you like it.   :P

Link to comment
Share on other sites
R0H1T

R0H1T

Posted
Posted
On 6/11/2016 at 11:13 PM, mona said:

Thanks for the precaution.

Oh gosh !  It's really easy to be fooled this way,    :eek:   :angry:  :s

 

BTW

More about Two-factor authentication (2FA) you gonna find here.

Nope, if you pay attention to the image (SMS) you'll know it's not google, also the messaging number doesn't seem to belong to google. Lastly I've only seen the suspicious activity reminders being reported via email, even for hotmail & yahoo, so all things considered it's a perfect phishing storm -_-

 

I take it it's not you then :lol:

12 hours ago, mona said:

 

:D :) :D   Thank you, thank you.... I'm glad you like it.   :P

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...