Two-factor authentication is a godsend for securing your accounts.
It requires a second level of proof of who you are — typically a code sent to your phone — before you can log in. This prevents anyone from gaining unauthorised access to your account, even if they manage to get hold of your password.
However, hackers and hijackers are managing to find ways around it.
Earlier this week, Alex MacCaw, cofounder data API company Clearbit, shared a screenshot of a text attempting to trick its way past two-factor authentication (2FA) on a Google account.
Here’s how it works:
- The attacker sends the target a text message, pretending to be the very company that the target has an account with.
- They say they have detected “suspicious” activity to the account, and so are sending the 2FA code to the target, which they should then text back to them to avoid having their account locked.
- The victim, worried they are being hacked and not wanting to lose access to their data, sends the code back, believing they have thwarted the attempted hack.
- But in doing so, they actually give the hacker the one thing they needed to break into the account.
- The hacker enters the victim’s password, followed by this ill-gotten 2FA code, and they’re in.
The attacker can sometimes even spoof their identity — so the text looks like it comes from Google, or Facebook, or Apple, rather than an unknown number. For the full article click here
from hacker samurai http://ift.tt/1YjR9b3
via IFTTT
No comments:
Post a Comment