How To Bypass Two Factor Authentication Of Gmail Account Using Advance Phishing Technique

According to citizen lab,Iranian hackers have developed a sophisticated phishing scam to takeover Gmail accounts by bypassing the two factor authentication.Citizen lab published a report at the university of Toronto’s Munk School of Global Affairs.This is not the first time when hacker used the phishing page to hack the victim account. Few days ago,Elastica Cloud Threat Labs discovered a deployed phishing page on Google Drive


Phishing page developed by Iranian hackers is advance as it has capabilities to obtain the Credential and One-Time-Password of victim account.The Iranian hackers used phone and email to bypass Google’s two-factor authentication system and take over the victim’s Gmail account.

The recently discovered attacks on Gmail accounts start with text messages that pretend to be sent from Google. The messages warn users that of "unauthorized access to their Gmail accounts is detected.To protect your account Please Reset your gmail account password".

Attack Scenario

First attacker send a fake “password-reset” SMS to victim when victim click on bogus password-reset page.Victim redirected to phishing page.The reset pages simulate the Gmail 2-step login process to the victim. The attacker uses the victim’s input to login Gmail account.The attacker login attempt trigger Google to send a genuine 2 factor authentication code to the victim.When victim insert the two factor authentication code,it is inserted in the fraudulent page.By using this phishing page attacker can easily obtain 2 factor auth code and have access the victim account. Why this phishing page is advance because it has capabilities to phish both the user password and the Two factor authentication "one-time password" used by Google.
Gmail-phishing-mail-draft

To mitigate the danger of exposure to such attacks it's always preferable to enable two-factor authentication for each on-line service.

Experts suggest that an easy way to discover the fake password reset pages is to check the URL searching for the https:// prefix, sadly I inform you that this isn’t a whole defense against phishing attacks as a result of this type of offensive is additionally exploiting HTTPs connections.

Post a Comment

0 Comments