Mumbai: Hackers have devised a new trick that can fool users into revealing their Google two-factor authentication codes without any knowledge of the occurrence.
According to reports, 2FA or two-factor authentication is a double-layered authentication process, supported by numerous online services, including big banks, Google, Facebook, and even the government.
During the process, if the user enters a wrong code, the login is classified as an attempt to hack, and the user is subsequently blocked from accessing the account, even if they entered the correct password. So it is very difficult to bypass and the security benefits are huge.
However, hackers have slyly managed to trick users by sending them an SMS posing as Google, asking for the 2FA verification code. Last week, an user named Alex MacCaw, tweeted an image of the SMS he received. He said: “Be warned, there's a nasty Google 2 factor auth attack going around.”
Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC
— Alex MacCaw (@maccaw) June 4, 2016
This clearly showed that the attackers were carrying out illegal logins from another location so that the targeted user gets a verification code and sends the 6-digit code to them. Subsequently, the hackers would use the 2FA code in the login page and access the account with out the real user’s knowledge.
While MacCaw was clever enough to spot the tricky, you should be careful as hackers are coming up with numerous techniques to access your social and financial accounts.
