vissha Posted June 12, 2016 Share Posted June 12, 2016 Hackers Find Clever Way to Bypass Google's Two-Factor Authentication Attackers take social engineering to a totally new level Quote There's a sneaky new trick going around that can fool some people into divulging their two-factor authentication code to crooks, while thinking they're actually protecting their accounts. Two-factor authentication, or 2FA, is a second layer of authentication that many online services support, from banks to Google, from Facebook to government agencies. 2FA works by requiring a user to enter a code that he received via SMS on his phone after he logged into a 2FA-protected account. If the user doesn't enter the code in a timely manner, the login is classified as a hacking attempt and the user blocked from accessing the account, even if he entered the correct password. You can see the benefits, right? Crooks pass as Google, ask users for "verification code" This past week, Alex MacCaw, co-founder of Clearbit.com, tweeted out the image of an SMS he just received. An unknown attacker had sent MacCaw an SMS message posing to be from Google. The SMS read as follows: Quote “ (Google™ Notification) We recently noticed a suspicious sign-in attempt to [email protected] from IP address 136.91.38.203 (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you ill receive momentarily. If you did authorize this sign-in attempt, please ignore this alert. ” Basically, the attackers were mentally preparing the victim to receive the 2FA verification code, for their illegal login attempt they were about to carry out. The crooks were going to access MacCaw's account, and when his 2FA system would kick in, MacCaw would act to lock his account by sending the "verification code to Google." In fact, MacCaw would be sending the 2FA code to the crook, who would then enter it in the login page and access his account, with his cooperation. Fortunately, MacCaw recognized their tactics and didn't fall for this new type of social engineering trick. Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC — Alex MacCaw (@maccaw) June 4, 2016 Source Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Share Posted June 12, 2016 Thanks for the precaution. Oh gosh ! It's really easy to be fooled this way, BTW More about Two-factor authentication (2FA) you gonna find here. Link to comment Share on other sites More sharing options...
humble3d Posted June 12, 2016 Share Posted June 12, 2016 Dear Mona... Just who is that beautiful avatar ? Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Share Posted June 12, 2016 11 minutes ago, humble3d said: Dear Mona... Just who is that beautiful avatar ? Thank you, thank you.... I'm glad you like it. Link to comment Share on other sites More sharing options...
R0H1T Posted June 12, 2016 Share Posted June 12, 2016 On 6/11/2016 at 11:13 PM, mona said: Thanks for the precaution. Oh gosh ! It's really easy to be fooled this way, BTW More about Two-factor authentication (2FA) you gonna find here. Nope, if you pay attention to the image (SMS) you'll know it's not google, also the messaging number doesn't seem to belong to google. Lastly I've only seen the suspicious activity reminders being reported via email, even for hotmail & yahoo, so all things considered it's a perfect phishing storm I take it it's not you then 12 hours ago, mona said: Thank you, thank you.... I'm glad you like it. Link to comment Share on other sites More sharing options...
humble3d Posted June 14, 2016 Share Posted June 14, 2016 Whoever she is, she looks just like a private investigator i know... She's a gem... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.