Gmail, LinkedIn, Facebook, Twitter and most online services offer two-step authentication to improve the security of their users' accounts. If you thought that activating this option was enough to protect your account, you will quickly be disillusioned: there is a method to bypass this protection.
Two-step authentication (two-factor authentication, 2FA) is basically a good thing: it makes internet use safer. Usually, after entering a password, you need to enter a second credential, for example a code sent to your phone or email address. This is how most online banks work. This method prevents unauthorized people from accessing our accounts even if they have obtained our password.
But the cunning of hackers is always greater than the naivety of users. Alex MacCaw, co-founder of Clearbit, shared a photo on Twitter that clearly shows someone trying to extract a Google two-step verification code.
Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC
— Alex MacCaw (@maccaw) June 4, 2016
He is probably not the only one the attacker tried to pull in. But what exactly is happening?
- An attacker sends a message to the user, pretending to be from the company where the user has an account.
- The message refers to suspicious activity and requests the two-step verification code, supposedly to prevent the account from being broken into.
- The victim, taking the message at face value, gives up the 2FA code and settles down, believing the trouble has been dealt with.
- In fact, the victim has just brought the trouble on themselves.
- The attackers then enter the acquired 2FA code and gain access to the user's account.
- Occasionally, even the sender's identity is spoofed so that the message appears to have actually come from an existing company such as Google or Microsoft.
Of course, the user's password is also required for this operation. However, there are several ways to get it easily: recently, for example, there was a loud buzz on the internet that a hacker (or group) had stolen about 800 million passwords from social sites.
How can you avoid similar cases? First, choose a hard-to-guess but easy-to-remember password; if necessary, use password management software. And never give the 2FA code to anybody, even if the request seems legitimate.