How to hack Gmail's two-step authentication
Two-factor authentication does not mean that you are absolutely safe against phishing attackers.
We often use two-step authentication (or two-factor authentication) to secure our online accounts. Especially with familiar applications like Gmail, this method helps users feel more secure. With this form of authentication, you log in with a password and a separate code (usually sent by text message or generated by an application like Google Authenticator). Although logging in takes a little longer than normal, most people feel more confident because their accounts are more secure.
But did you know that hackers can still successfully trick users who have turned on 2-step authentication? Here's how they do it.
Use a domain name that looks a bit like the real one
Hackers do not have access from inside the server, so their first step after choosing a target is to fake a colleague's email address so that it looks trustworthy. If the user's email is phia@gimletmedia.com, the email that the phisher can use is phia@gimletrnedia.com.
Do you see the difference? At a glance, you won't notice that 'media' in the domain name has been replaced by 'rnedia', which looks very much like the real domain name. This domain name is also completely valid, so the email will not end up in the spam folder.
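An added example, not part of the original article: a Python check that a mail filter could run on the From header to flag sender domains such as gimletrnedia.com. The confusable-pair table, the trusted-domain list and the function names are assumptions made for this sketch.

```python
from email.utils import parseaddr

# Assumed table of character sequences that read alike at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse confusable sequences so lookalike domains map to one string."""
    s = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) < len(b):
                j += 1          # skip the extra character in the longer string
                continue
        i += 1
        j += 1
    return edits + (len(b) - j) <= 1


def classify_sender(from_header, trusted):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or within_one_edit(domain, good):
            return "lookalike:" + good
    return "unknown"


if __name__ == "__main__":
    trusted = {"gimletmedia.com"}  # assumed allowlist of the organisation's own domains
    for hdr in ("Phia <phia@gimletmedia.com>", "Phia <phia@gimletrnedia.com>"):
        print(hdr, "->", classify_sender(hdr, trusted))
```

A 'lookalike' result is a reason to quarantine or banner the message, since the article notes that such mail otherwise passes spam filtering.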
Attachments and text look convincing
The hardest thing to guard against is that these phishing emails look completely normal. You can recognize a shady email almost immediately by its strange characters. But this type of phishing email pretends that the producer is sending an audio file to edit or a request for approval. Combined with a very convincing domain name, almost everyone believes it.
Fake Gmail two-step login page
One of the attachments will be a PDF file in Google Docs, or something that looks like one. When the victim clicks on it, it takes them to a page asking them to sign in to Google Docs, as you would if you were already logged in to Gmail.
Using two-factor authentication doesn't mean you are safe
The fraudster creates a fake login page and sends a real two-step authentication request to Google's real server, even though the login page is completely fake. The victim still receives the message as usual and enters the code from it on the fake login page. Meanwhile, the fraudster gains access to the victim's Gmail account.
So the fish took the bait.
Share by Marvin Fry