How Hackers Manage To Bypass Google’s Two-Factor Authentication

Two-factor authentication (2FA) is generally seen as the safest way to secure your Google account. It requires you (the user) to enter a code received via SMS on your phone before you can log in to a 2FA-protected account. This prevents anyone from gaining unauthorized access to your account, even if they manage to get hold of your password. This two-layered authentication process is supported by numerous online services, including big banks, Google, Facebook, and even the government.

But you might have heard reports of Gmail accounts being hacked even though the user had enabled Google’s two-factor authentication. This is because hackers are employing a new trick to lure gullible users: sending them an SMS that poses as Google and asks for the 2FA verification code.

Earlier this week, Alex MacCaw, cofounder of data API company Clearbit, tweeted a screenshot of a text message he had received that attempted to trick its way past 2FA on a Google account.

The message reads as follows:

“(Google™ Notification) We recently noticed a suspicious sign-in attempt to [email protected] from IP address 136.91.38.203 (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you will receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.”

Here’s how the hacker’s trick works:

  • The hacker sends the target a text message, pretending to be the very company that the target has an account with.
  • The text message says that the company has detected “suspicious” activity on the target’s account and is therefore sending them a 6-digit code, which the target should text back to avoid having their account locked.
  • The target user, worrying that they are being hacked and not wanting to lose access to their data, sends the code back, believing they have thwarted the attempted hack.
  • But in doing so, they actually provide the hacker with a security code to break into the account.
  • Subsequently, the hacker would enter the target user’s password, followed by this ill-gotten 2FA code, and access the account without the real user’s knowledge.

Fortunately, MacCaw was clever enough to spot the ruse and didn’t fall for this new type of social engineering hoax. However, if you are a Gmail user, you should be more careful, as hackers keep coming up with new techniques to gain access to Gmail and Google accounts. And don’t text your 2FA codes to anyone, even if the request appears legitimate.
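
The rule in the last sentence can be turned into a filter. The following is an added example, not part of the original article: a Python heuristic that flags an inbound SMS asking for a one-time code to be sent back. The function name, the patterns and every sample message except the first (abridged from the message quoted above) are assumptions made for illustration.

```python
import re

# Heuristic patterns (constructed for this example, not an exhaustive ruleset).
CODE = re.compile(r"\b(?:verification|security|login|one[- ]time|2fa)\s+"
                  r"(?:code|pin|passcode)\b|\botp\b", re.I)
SEND_BACK = re.compile(r"\b(?:reply|respond|send|forward|text\s+(?:it\s+)?back)\b", re.I)
# "Never reply with ..." style warnings appear in legitimate OTP texts.
NEGATED = re.compile(r"\b(?:never|do not|don.?t)\b[^.!?]{0,20}"
                     r"\b(?:reply|respond|send|forward|text)\b", re.I)
PRESSURE = re.compile(r"\b(?:suspicious|unauthori[sz]ed|lock(?:ed)?|suspend(?:ed)?)\b", re.I)

def classify_sms(body):
    """Return (verdict, reasons) for one inbound SMS body."""
    reasons = []
    # The request and the code must share a sentence, so an OTP text that
    # merely contains a code is not flagged.
    for sentence in re.split(r"(?<=[.!?])\s+", body):
        if (CODE.search(sentence) and SEND_BACK.search(sentence)
                and not NEGATED.search(sentence)):
            reasons.append("asks for a one-time code to be sent back")
            break
    if PRESSURE.search(body):
        reasons.append("account-threat wording")
    if reasons and reasons[0].startswith("asks"):
        return "block", reasons
    return ("review" if reasons else "allow"), reasons

# First sample is abridged from the message quoted in the article;
# the other three are constructed.
SAMPLES = [
    "(Google Notification) We recently noticed a suspicious sign-in attempt. "
    "If you did not sign-in from this location and would like to lock your "
    "account temporarily, please reply to this alert with the 6-digit "
    "verification code you will receive momentarily.",
    "G-482913 is your Google verification code. Don't share it with anyone.",
    "Never reply with your verification code. We will not ask for it.",
    "We blocked a suspicious card payment. Call the number on your card.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(classify_sms(sms)[0], "|", sms[:60])
```

A genuine one-time-code text delivers a code and never asks for one back, which is why the send-back request in the same sentence as the code is treated as the blocking signal and threat wording alone only earns a review.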

Venkat

How the Hackers know my mobile Number to send a…

Muthu Ganapathy

This doesn’t come under the hacking category. This comes under fraud.

Susheel karam

Hi Ganapathy, It is indeed called Hacking. It is…

Kloey Grant

Nice information, thanks for sharing with us. Keep it up.

vipin nayar

Our security at risk, great post, thanks for sharing this…

Susheel karam

Well, that’s a social engineering attack. Almost 90% of…

Joel

Nice information, thanks for sharing.

Arun dominic

Chaithanya, this is a very informative post for keeping Gmail…

HD Wallpapers

Hey Admin! How Hackers Manage To Bypass Google’s Two-Factor Authentication…