Hackers defeat two-factor authentication system using automated phishing assaults

Using the 2-factor authentication mechanism on online accounts does not only make them secure but also provides an effective means for keeping away hackers. However, there are imperfections in the system, as has been found with a mysterious group which is quite overtaking the protection mechanism so it can phish items off 1,000-and-more people, says Amnesty International the group that familiarly fights for human rights.

Amnesty came to know about the problem when journalists and defenders of human rights informed the agency. The informers were from North Africa and Middle East. According to Amnesty, the hackers' band it had been tracking beat the protection mechanism via distribution of false security alerts which appeared as coming from Yahoo else Google. Recipients of the alerts are told somebody may've hacked their accounts so they should visit a given web-link for accessing a genuine log-in page on which to reset their password.

Attackers in the incident look to so dupe victims that the latter would hand over the facility to access their accounts on Yahoo/Google despite the 2-factor authentication present. As per Amnesty International's observation, the phishing campaigns are particularly bothersome in that they do lot for weakening their targets' digital security methods. Mashable.com posted this, December 20, 2018. By enforcing the fake security alert process, hackers managed phishing both the code for 2-factor authentication, and password off their victims.

An investigation into the campaigns has been ongoing by Amnesty International. For carrying out a test of the assaults, Amnesty set up one disposable account on Google followed with opening one e-mail from the total phishing messages. Amnesty further made an investigation into the way the hackers crafted their phishing campaigns only to find the mysterious band inadvertently revealed one online directory being utilized for hosting their assaults.

It appears the hackers had been utilizing testing tools for web application for making the phishing procedure automatic. Normally, obtaining 2FA codes through an authenticator application is safer than through SMS. The former produces codes which keep altering in seconds. However, Amnesty International even then suggests 2FA for all people who should yet be aware there are limitations to the system.

» SPAMfighter News - 12/24/2018