Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor.

Attackers are using this tactic to break into Gmail and Yahoo accounts in large scale attacks.

2FA processes that are based on a text message are very popular because they are simple to use.

Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa.

In one campaign, threat actors targeted accounts on popular secure email services, such as Tutanota and ProtonMail.

In another campaign, hackers targeted hundreds of Google and Yahoo accounts, “successfully bypassing common forms of two-factor authentication”.

Amnesty International reported widespread phishing of Google and Yahoo users throughout 2017 and 2018. Attackers targeted human rights defenders and journalists from the Middle East and North Africa region that sharing with the organization suspicious emails they have received. Investigating the emails, the experts uncovered a large and long-running campaign of spear-phishing attacks seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.

The attackers used trivial sophisticated social engineering tricks that leveraged common “security alert” scheme. Victims receive fake alarms informing targets of a potential account compromise and asking them to urgently change their password.

The phishing messages included a link that redirected victims to a well-crafted and convincing Google phishing website designed to trick victims into revealing the two-step verification code.

“Sure enough, our configured phone number did receive an SMS message containing a valid Google verification code. After we entered our credentials and the 2-Step Verification code into the phishing page, we were then presented with a form asking us to reset the password for our account. ” continues the analysis.

“To most users a prompt from Google to change passwords would seem a legitimate reason to be contacted by the company, which in fact it is. “

Threat actors were able to automate the attack and take over the accounts of the victims.

Additional information on the phishing attacks, including IoCs, are reported in the analysis published by Amnesty International.

Pierluigi Paganini

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

How Bad Actors Are Learning to Hack Humans in Phishing Attacks
December 27, 2018

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X