Phishing attacks bypass two-factor authentication

Do not expect that two-factor authentication is always enough to protect your accounts. Google has noticed a worrying increase in phishing attacks that can bypass this security setting.

"We have seen a large increase in the number of 2FA phishing attacks," said Nicolas Lidzborski, Gmail's security chief.

These "2FA phishing attacks" work by tricking the victim into giving up both the password and the special one-time password that protect the Gmail account. Normally, this one-time password is difficult to obtain, as it appears on a person's smartphone and expires after 30 seconds.

However, Lidzborski said hackers have crafted password-stealing programs that can also obtain the one-time password. These so-called "phishing kits" steal the victim's password and two-factor authentication code as they are typed into misleading emails and login pages, and then use them to access the account within the 30-second time limit.

"2FA is much better than a factor that only uses a username and a password. There is no doubt about that," he said. "However, some hackers try to bypass 2FA."

In December, Amnesty International said a hacking team was able to bypass two-factor protection through an automated phishing attack that can steal the passwords and log in with them before the 30 seconds have expired. A month later, a security researcher released an open source toolkit, which can also create phishing pages to bypass two-factor authentication.

Having the one-time password sent by SMS does not always help. It can leave two-factor authentication vulnerable to SIM attacks, in which a hacker can steal the mobile phone number.

During the talk, Lidzborski said Google is trying to protect Gmail accounts from successful phishing attacks by blocking login attempts from unknown geographic locations. The company's email service may also alert you to emails that look like phishing attempts and to the dangers that arise from opening suspicious links within them.

But to be protected, Lidzborski recommends that users and businesses adopt a hardware-based solution: USB security keys. They work by replacing one-time passwords with a physical piece of hardware that you can connect to your computer to access your online accounts. In July, Google said it had given all its employees security keys.

Unfortunately, security keys are not cheap. The Google product costs $50 for two keys. However, Lidzborski said they are very effective.
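The following is an added example, not part of the original article or any Google code. It shows why a typed one-time password is accepted from whoever presents it inside the 30-second window, while a security-key response tied to the site's address is not accepted elsewhere. The secrets, origins and function names are constructed for illustration, and HMAC stands in for the public-key signature a real FIDO key produces.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a one-time password stays valid (the window the article describes)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing `now`."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: float) -> bool:
    # The server sees only digits and its clock, not the page they were typed into.
    return hmac.compare_digest(totp(secret, now), submitted)

def key_response(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    # Simplified model of a security key: the origin reported by the browser is
    # mixed into the response. Assumption: HMAC replaces the real signature.
    return hmac.new(device_key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def server_accepts_key(device_key: bytes, challenge: bytes, response: bytes, own_origin: str) -> bool:
    return hmac.compare_digest(key_response(device_key, challenge, own_origin), response)

def demo() -> dict:
    secret, device_key = b"constructed-totp-secret", b"constructed-device-key"
    real, lookalike = "https://accounts.example.com", "https://accounts.example.net"
    t0 = 1_700_000_010.0  # constructed timestamp at the start of a 30-second step
    code = totp(secret, t0)  # what the user reads off the phone and types
    challenge = b"constructed-login-challenge"
    return {
        # Same digits presented 20 s later by anyone: still inside the step.
        "totp_reused_in_window": server_accepts_totp(secret, code, t0 + 20),
        # Presented 40 s later: the step has rolled over.
        "totp_after_window": server_accepts_totp(secret, code, t0 + 40),
        # Key used on the real site verifies.
        "key_on_real_site": server_accepts_key(
            device_key, challenge, key_response(device_key, challenge, real), real),
        # Response produced on a look-alike origin does not verify at the real site.
        "key_on_lookalike": server_accepts_key(
            device_key, challenge, key_response(device_key, challenge, lookalike), real),
    }

if __name__ == "__main__":
    print(demo())
```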

Lidzborski was not able to quantify the exact rise in these attacks that Google has identified. On average, the company encounters 100 million phishing messages per day. But in the past, only the most specialized hackers, such as state spies, used phishing attacks that could defeat two-factor authentication, he said. "It is now available as an open source phishing framework," he added. "So it's more widespread than before."

We must always be careful with our email inbox. Phishing emails often look as if they come from legitimate services, like Google, and try to trick you into visiting what appears to be an official login page, when in fact the website is designed to steal your passwords. To teach the public how to detect phishing attacks, Google's Jigsaw last month developed a phishing quiz that can tell you more about the threat.


The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.