Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor.

Attackers are using this tactic to break into Gmail and Yahoo accounts in large scale attacks.

2FA processes that are based on a text message are very popular because they are simple to use.

Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa.

In one campaign, threat actors targeted accounts on popular secure email services, such as Tutanota and ProtonMail.

In another campaign, hackers targeted hundreds of Google and Yahoo accounts, “successfully bypassing common forms of two-factor authentication”.

Amnesty International reported widespread phishing of Google and Yahoo users throughout 2017 and 2018. Attackers targeted human rights defenders and journalists from the Middle East and North Africa region that sharing with the organization suspicious emails they have received. Investigating the emails, the experts uncovered a large and long-running campaign of spear-phishing attacks seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.

The attackers used trivial sophisticated social engineering tricks that leveraged common “security alert” scheme. Victims receive fake alarms informing targets of a potential account compromise and asking them to urgently change their password.

The phishing messages included a link that redirected victims to a well-crafted and convincing Google phishing website designed to trick victims into revealing the two-step verification code.

“Sure enough, our configured phone number did receive an SMS message containing a valid Google verification code. After we entered our credentials and the 2-Step Verification code into the phishing page, we were then presented with a form asking us to reset the password for our account. ” continues the analysis.

“To most users a prompt from Google to change passwords would seem a legitimate reason to be contacted by the company, which in fact it is. “

Threat actors were able to automate the attack and take over the accounts of the victims.

Additional information on the phishing attacks, including IoCs, are reported in the analysis published by Amnesty International.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase