How Hackers Manage To Bypass Google’s Two-Factor Authentication

Two-factor authentication (2FA) is generally seen as the safest option for securing your Google account: it requires you, the user, to enter a code received via SMS on your phone before you can log in to a 2FA-protected account. This prevents anyone from gaining unauthorized access to your account even if they manage to get hold of your password. This double-layered authentication process is supported by numerous online services, including big banks, Google, Facebook, and even the government.

But you may have heard reports of Gmail accounts being hacked despite the user having enabled Google's 2FA (two-factor authentication). This is because hackers are employing a new trick to lure gullible users: sending them an SMS posing as Google and asking for the 2FA verification code.

Earlier this week, Alex MacCaw, cofounder of the data API company Clearbit, tweeted a screenshot of a text message he had received that attempted to trick its way past 2FA on a Google account.

The message reads as follows:

“(Google™ Notification) We recently noticed a suspicious sign-in attempt to [email protected] from IP address (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you will receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.”

Here’s how the hacker’s trick works:

  • The hacker sends the target a text message, pretending to be the very company the target has an account with.
  • The text message says that the company has detected “suspicious” activity on the target's account and is therefore sending them a 6-digit code, which the target should text back to avoid having their account locked.
  • The target, worried that they are being hacked and not wanting to lose access to their data, sends the code back, believing they have thwarted the attempted hack.
  • But in doing so, they actually hand the hacker the security code needed to break into the account.
  • The hacker then enters the target's password, followed by this ill-gotten 2FA code, and accesses the account without the real user's knowledge.

Fortunately, MacCaw was clever enough to spot the strategy and didn't fall for this new type of social-engineering hoax. However, if you are a Gmail user, you should be more careful, as hackers are coming up with numerous techniques to gain access to your Gmail and Google accounts. And never text your 2FA codes to anyone, even if they appear legitimate.
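A defensive check for this lure, added here as an example and not code from the original article or from Google: it scores an inbound SMS body for the signals the message above combines (a named brand, urgency, a lock threat, and above all a request to reply with a code) so a legitimate one-time-code text is left alone. The weights, threshold and both sample messages are constructed for the demonstration; the first sample paraphrases the SMS quoted in the article with a placeholder address.

```python
import re
from dataclasses import dataclass, field

# Weighted heuristics for the OTP-relay lure described in the article.
# Lookahead patterns make the word order inside the SMS irrelevant.
FLAGS = re.I | re.S
SIGNALS = {
    # Names a well-known service (weak alone: genuine OTP texts name the brand too)
    "brand_named": (re.compile(r"\b(?:google|gmail|facebook)\b", FLAGS), 1),
    # Asks the recipient to reply/text/send a code back: the core of the scam
    "asked_to_transmit_code": (re.compile(
        r"^(?=.*\b(?:reply|text|send|respond)\b)(?=.*\b(?:code|otp|pin|passcode)\b)", FLAGS), 3),
    # Urgency framing such as "suspicious sign-in" or "unusual activity"
    "suspicious_activity": (re.compile(
        r"\b(?:suspicious|unusual)\b.*\b(?:sign[- ]?in|login|activity)\b", FLAGS), 1),
    # Threat of losing the account unless the recipient acts
    "account_lock_threat": (re.compile(r"^(?=.*\baccount\b)(?=.*\b(?:lock|suspend|disabl))", FLAGS), 1),
}
THRESHOLD = 4  # constructed: brand + request-to-transmit alone crosses it

@dataclass
class Verdict:
    phishing: bool
    score: int
    reasons: list = field(default_factory=list)

def classify_sms(text: str) -> Verdict:
    """Return a verdict for one inbound SMS body."""
    score, reasons = 0, []
    for name, (pattern, weight) in SIGNALS.items():
        if pattern.search(text):
            score += weight
            reasons.append(name)
    return Verdict(score >= THRESHOLD, score, reasons)

# Constructed samples: the lure from the article (placeholder address) and a
# genuine-looking one-time-code SMS that must not be flagged.
SAMPLES = {
    "lure": "(Google Notification) We recently noticed a suspicious sign-in attempt to "
            "user@example.com from IP address (Vacaville, CA). If you did not sign-in from "
            "this location and would like to lock your account temporarily, please reply to "
            "this alert with the 6-digit verification code you will receive momentarily.",
    "genuine_otp": "G-123456 is your Google verification code. Do not share it with anyone.",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, classify_sms(body))
```

The single strongest signal is the request to send a code anywhere at all; a real verification code is only ever typed into the login page, never replied to.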


    • Hi Ganapathy,

      It is indeed called hacking.
      It is a technique in hacking called social engineering.
      In this technique, a hacker tries to fool the user by pretending to be from a company (here Google) to steal sensitive information like passwords, credit/debit card numbers, etc.

  1. Well, that's a social engineering attack. Almost 90% of hacking attacks are due to ignorance of the user and not due to a weakness in a system.
    It's easier to fool a human than a system.
    The rule of thumb everyone should follow is that NO company asks you to send your password/OTP via SMS, email or phone call.
    Common sense is the best way you can protect yourself.


  2. Hey Admin!
    "How Hackers Manage To Bypass Google's Two-Factor Authentication" is a really informative post shared on this site. By the way, admin, you could share some more wallpapers on this blog with some description as well. I have also shared a blog which contains some different wallpapers; I am sure people will also like these wallpapers and share them on social media.
