How to hack Gmail's two-step authentication
Two-factor authentication does not mean that you are absolutely safe against phishing attackers.
We often use two-step authentication (also called two-factor authentication) to secure our online accounts. Especially with familiar applications like Gmail, this method helps users feel more secure. With this form of authentication, you log in with a password plus a separate code (usually sent by text message or generated by an application like Google Authenticator). Although logging in takes a little longer than normal, most people feel more confident because they are more secure.
But did you know that hackers can still successfully trick users who have turned on 2-step authentication? Here's how they do it.
Use a domain name that looks like the real one
Hackers do not have access from within the server, so the first step after they choose a target is to fake a colleague's email address so that it looks trustworthy. If the user's email is phia@gimletmedia.com, the email that the phisher can use is phia@gimletrnedia.com.
Do you see the difference? At a glance, you won't notice that the word 'media' in the domain name has been replaced by 'rnedia', which looks very much like the real domain name. This domain name is also completely valid, so the email will not be sent to the spam folder.
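As an added example (not code from the original article), a mail filter can catch this kind of sender by comparing each sender domain against the domains it trusts. The trusted list and the look-alike table below are assumptions for illustration, seeded with the article's gimletmedia.com example.

```python
from email.utils import parseaddr

# Assumption: the organisation's own domains; only the article's example is listed.
TRUSTED = {"gimletmedia.com"}
# Assumption: a small illustrative table of sequences that render like another letter.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def sender_domain(from_header):
    """Return the lower-cased domain of a From header or bare address."""
    address = parseaddr(from_header)[1] or from_header
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    for seq, repl in CONFUSABLES:
        domain = domain.replace(seq, repl)
    return domain


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header, trusted=TRUSTED, max_distance=1):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # The skeleton match catches 'rn' for 'm', which is two edits away.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("phia@gimletmedia.com", "Phia <phia@gimletrnedia.com>"):
        print(sender, "->", classify(sender))
```

A message classified as 'lookalike' can be quarantined or shown with a warning banner instead of being delivered as if it came from a colleague.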
Attachments and text look convincing
The hardest thing to spot is that these phishing emails look very normal. You can usually recognize a shady email immediately by its strange characters. But this type of phishing email pretends that the manufacturer is sending an audio file to edit or a request for approval. Combined with a very convincing domain name, almost everyone believes it.
Fake Gmail two-step login page
One of the attachments will be a PDF file in Google Docs, or something that looks like one. When the victim clicks on it, they are taken to a page asking them to sign in to Google Docs, as you would if you were already logged in to Gmail.
Using two-factor authentication doesn't mean you are safe
The fraudster creates a fake login page and sends a real two-step authentication request to Google's real server, even though the login page is completely fake. The victim still receives the message as usual and enters the code from it into the fake login page. Meanwhile, the fraudster gains access to the victim's Gmail account.
So the fish took the bait.