Hackers Use Phishing Emails to Harvest Two-Factor Gmail Codes

Hackers Use Phishing Emails to Harvest Two-Factor Gmail Codes

Conventional wisdom says that adding two-factor authentication (2FA) will keep your accounts safe from most phishing scams, but a new wave of sophisticated automated attacks is reminding us that 2FA isn’t infallible. As with all security measures, it’s only as secure as the weakest link — the human one. The new phishing campaign tricks people into handing over their account details and their 2FA tokens.

The report comes from Amnesty International, which doesn’t usually publicize cybersecurity news. In this case, Amnesty has a stake in things because the attacks have mainly targeted activists and journalists in the Middle East and North Africa. As Amnesty explains, there are several distinct phishing campaigns ongoing that are likely linked.

In the most sophisticated campaign, the attackers have targeted hundreds of Yahoo and Google accounts used by activists. The goal is to bypass two-factor protections and gain access to the account. Examining the suspicious emails flagged by activists in 2017 and 2018, Amnesty found links that claim to be security alerts. However, they redirect to a fake page that harvests account details. That’s not unique, but the next phase steps it up.

After the target entered a username and password, the malicious sites would remotely log into the account. It then requested a code via SMS if the account had two-factor enabled. The fake site asked for the code, which wouldn’t seem out of the ordinary — you’d have to put a 2FA code in during a normal login. However, the malicious site used that code to log into the account remotely before the token expired. The user would be prompted to change their password, which the attacker would then save for later use.

A fake Gmail login page requesting the 2FA code.
A fake Gmail login page requesting the 2FA code.

The second and third campaigns used similar tactics but focused on users of the encrypted email services Protonmail and Tutanota. In both cases, the attackers registered seemingly authentic domains with fake login pages. These domains have since been shut down.

Amnesty International believes Gulf states are behind the phishing campaigns, hoping to gather information on dissidents and protesters in their countries. Let this be a reminder that two-factor authentication is not a silver bullet. You still need to be wary of emails with links to external pages. You should only input your account credentials on sites that you have confirmed are the real deal.

Continue reading

Nvidia: RTX 3000 GPUs Will Remain Hard to Find Into 2021
Nvidia: RTX 3000 GPUs Will Remain Hard to Find Into 2021

There's no hope for a near-term improvement in RTX 3000 GPU availability. Shortages will likely continue through the end of this year and into the beginning of 2021.

NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix
NASA’s Mars Helicopter Remains Grounded Awaiting Software Fix

NASA previously said the Ingenuity helicopter would take to the Martian skies over the weekend, but the agency announced late Friday that liftoff was delayed until at least April 14 because of a software issue.

Nvidia Confirms GPUs Will Remain Scarce Through End of 2021
Nvidia Confirms GPUs Will Remain Scarce Through End of 2021

Nvidia reports that the GPU shortage is likely to persist through the end of 2021, though the company expects to report "sequential growth" each quarter this year.

AMD Shows Off Zen 4 Overclocking, But Questions Remain
AMD Shows Off Zen 4 Overclocking, But Questions Remain

AMD has released a morsel of info about Zen 4's overclocking abilities, but as we said before, we'll believe it when we see it.