Here Is How Hackers Bypass Google’s Two-Factor Authentication

Here Is How Hackers Bypass Google’s Two-Factor Authentication

  

Here Is How Hackers Bypass Google’s Two-Factor Authentication

By on June 12, 2016 Security news, Technology


Hackers Bypass Google’s Two-Factor Authentication By Taking Social Engineering To A New level

You may have read reports of Gmail accounts being hacked despite the user having enabled the famed Google 2FA or two-factor authentication. This is because hackers are employing a new strategy to lure gullible users to hand over the 2FA code.
Some people can be tricked into disclosing their two-factor authentication code to criminals, as there is a new sly trick that makes them think that are in fact protecting their accounts while doing so.
Two-factor authentication (referred 2FA) is an important safety measure current mainstream of online services, from banks to Google, Facebook, and government agencies who have gradually adopted the security measures. In the two-factor authentication to protect the account needs to log operation when you need to enter a verification code to send SMS text messages, or even enter the correct password will be blocked by the system.

The login is classified as a hacking attempt, if the user doesn’t enter the code quickly, and the user is blocked from accessing the account, even if they entered the correct password.
Alex MacCaw, co-founder of Clearbit.com, tweeted out the image of an SMS he had just received on his Twitter. Anonymous attacker sent a phase MacCaw posing Google’s SMS messaging, message reads as follows:

“(Google™ Notification) We recently noticed a suspicious sign-in attempt to jschnei4@gmail.com from IP address 136.91.38.203 (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you will receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.”

Mainly, the attackers were mentally preparing the victim to receive the 2FA verification code, in order to facilitate the following illegal login attempt they were about to perform. The criminals were going to access MacCaw’s account, and when his 2FA system would commence, MacCaw would act to lock his account by sending the “verification code to Google.” In fact, MacCaw would be sending the 2FA code to the criminal, who would then enter it in the login page and access his account, with his help.
Thankfully, MacCaw was able to detect their strategies and didn’t fall for this new type of social engineering hoax. However, if you are a Gmail user, you should take precautions and not fall for these new tricks being used by hackers to gain access into your Gmail and Google accounts.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s