How to hack Gmail's two-step authentication
We often use two-step authentication (also called two-factor authentication) to secure our online accounts. With familiar applications like Gmail in particular, this method helps users feel more secure. With this form of authentication, you log in with a password plus a separate code (usually sent by text message or generated by an application such as Google Authenticator). Although it takes a little longer than a normal login, most people feel more confident because their accounts are more secure.
But did you know that hackers can still successfully trick users who have turned on two-step authentication? Here's how it is done.
Using a domain name that looks almost like the real one
Hackers do not have access from inside the server, so the first step once they decide to attack is to fake a colleague's email address so that it looks trustworthy. If the user's email is phia@gimletmedia.com, the address the phisher can use is phia@gimletrnedia.com.
Do you see the difference? At a glance, you won't notice that 'media' in the domain name has been replaced by 'rnedia', which looks very much like the real domain name. This domain name is also completely valid, so the email will not end up in the spam folder.
Attachments and text look convincing
The hardest thing to anticipate is that these phishing emails look very normal. You can usually recognize a shady email immediately by its strange characters. But this type of phishing pretends that the manufacturer is sending an audio file to edit or approve. Combined with a very convincing domain name, it fools almost everyone.
Fake Gmail two-step login page
One of the attachments will be a PDF file in Google Docs, or something that looks like one. When the victim clicks on it, they are taken to a page asking them to sign in to Google Docs, as you would if you were already logged in to Gmail.
Using two-factor authentication doesn't mean you are safe
The fraudster creates a fake login page and sends a real two-step authentication request to Google's real server, even though the login page itself is completely fake. The victim still receives the message as usual and enters the code on the fake login page. Meanwhile, the fraudster gains access to the victim's Gmail account.
So the fish has taken the bait.