Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11How to hack Gmail's two-step authentication
We still often use two-step authentication (or two-factor authentication) to ensure the security of our online accounts. Especially with familiar applications like Gmail, this method helps users feel more secure. This is the form of authentication that you use a password to log in to and a separate code (usually sent via phone message or application like Google Authenticator). Although it takes some time compared to normal, most people feel more confident because they are more secure.
But did you know that hackers can still successfully trick users who have used 2-step authentication? Here's how he did it.
Use a domain name that is a bit like real
Hackers cannot have access from within the server, so the first step after they choose to attack is to fake a colleague's email address that looks trustworthy. If the user email is phia@gimletmedia.com , the email that the phisher can use is phia@gimletrnedia.com .
Do you see the difference? If you look at it, you won't see the word 'media' in the domain name being replaced by 'rnedi-a', which looks very much like the real domain name. This domain name is also completely valid so it will not be included in the spam folder.
Attachments and text look convincing
The most unpredictable thing is that phishing emails look very normal. You can almost recognize a shady email immediately by strange characters. But this type of phishing will pretend that the manufacturer sends an audio file to edit or request approval . Along with a very convincing domain name, almost everyone believes.
Gmail login page 2 fake steps
One of the attachments will be PDF files in Google Docs, or look like that. When the victim clicks on it, it will go to the page for them to sign in to Google Docs as you would if you were already logged in to Gmail.
How to hack Gmail's two-step authentication Picture 1
Using two-factor authentication doesn't mean you are safe
The fraudster will create a fake login page and send a real two-step authentication request to Google's real server, even if the login page is completely fake. The victim will still receive the message as usual and use it to enter the fake login page. Meanwhile, the fraudster will have access to the victim's Gmail account.
So the fish caught the bait.
Marvin FryYou should read it
- More than 90% of Gmail users still don't use the two-factor authentication feature
- [Infographic] 4 types of Phishing are easy to trap users
- Hacker purged two-factor security just by automated phishing attacks
- How to update the new Gmail interface if your Gmail has not been upgraded
- Fix the authentication message error when signing up for Gmail
- Microsoft shows how to avoid trapping phishing
- Turn on 2-step verification for 2-layer security for Gmail, send the verification code to your phone when signing in
- Google: 2-factor authentication can prevent 100% of automated bot hacks
- Comprehensive Gmail security guide
- Russian Hacker is using Google's own infrastructure to hack Gmail users
- What is Spear Phishing?
- Google uses machine learning for new security features on Gmail
Maybe you are interested
From Encryption to Authentication: A Comprehensive Guide to Securing Your Emails
How to Secure GraphQL API: Implement User Authentication in Express.js Using JWT
What is user authentication? How does this feature work?
How to build an authentication system in Django using OAuth
How to enable two-factor authentication for Threads accounts
How to integrate Google authentication in Next.js app using NextAuth
Tech info
Samsung Flow can be used on Windows 10 computers- Research shows that just getting a smartphone close by can make you 'more foolish'.
- The researchers successfully cracked 1024-bit RSA in GnuPG Crypto Library
- Why will AirPods finally be available in the iPhone box?
- Look back at the 9 photos of 'ducking swans' of the phone after 80 years
- China banned VPN services to build the Great Wall
Samsung Flow can be used on Windows 10 computers
Research shows that just getting a smartphone close by can make you 'more foolish'.
The researchers successfully cracked 1024-bit RSA in GnuPG Crypto Library
Why will AirPods finally be available in the iPhone box?
Look back at the 9 photos of 'ducking swans' of the phone after 80 years
China banned VPN services to build the Great Wall