Symmetric Engineering Group Blogs

With Phishing Attacks Beating 2FA, You Need to Be Able to Spot Them

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are a few different methods that have been leveraged to bypass the security benefits that 2FA is supposed to provide.

On a very basic level, some phishing attacks have been successful in convincing the user to hand over their credentials and the 2FA code that is generated when a login attempt is made. According to Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing, yet fake, page to reset their Google password. In some cases, fake emails like this can look very convincing, which makes this scheme that much more effective.

As Amnesty International investigated these attacks, they discovered that the attackers were also using automation to launch Chrome and submit whatever the user entered on their end. This means that the 30-second time limit on 2FA credentials was of no concern.

In November 2018, an application on a third-party app store disguised as an Android battery utility tool was discovered to actually be a means of stealing funds from a user’s PayPal account. To do so, this application would alter the device’s Accessibility settings to enable the accessibility overlay feature. Once this was in place, the user’s clicks could be mimicked, allowing an attacker to send funds to their own PayPal account.

Another means of attack was actually shared publicly by Piotr Duszyński, a Polish security researcher. His method, named Modlishka, creates a reverse proxy that intercepts and records credentials as the user attempts to input them into the impersonated website. Modlishka then sends the credentials to the real website, concealing its theft of the user’s credentials. Worse, if the person leveraging Modlishka is present, they can steal 2FA credentials and quickly leverage them for themselves.

How to Protect Yourself Against 2FA Phishing

First and foremost, while it isn’t an impenetrable method, you don’t want to pass up on 2FA completely, although some methods of 2FA are becoming much more preferable than others. At the moment, the safest form of 2FA is to utilize hardware tokens with the U2F protocol.
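Why a U2F token holds up against the look-alike and reverse-proxy pages described above, as an added example that is not part of the original post: the browser records the origin it is actually showing, the token signs over it, and the real site rejects any other origin. The class and function names and both origins are constructed, and HMAC stands in for the token's real ECDSA signature.

```python
import hashlib, hmac, json, os

REAL = "https://accounts.example"            # constructed relying-party origin
LOOKALIKE = "https://accounts-example.test"  # constructed phishing-page origin

class ToyToken:
    """Stand-in for a U2F key. Assumption: HMAC-SHA256 with a device secret
    replaces the ECDSA P-256 signature a real token produces."""
    def __init__(self):
        self.key = os.urandom(32)  # a real site would hold only the public key

    def sign(self, app_id, client_data):
        # The signature covers the application identity and the client data,
        # so the origin recorded by the browser cannot be altered afterwards.
        msg = hashlib.sha256(app_id.encode()).digest() + hashlib.sha256(client_data).digest()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

def browser_sign(token, page_origin, challenge):
    # The browser, not the page or the user, writes the origin it is showing.
    client_data = json.dumps({"challenge": challenge, "origin": page_origin}).encode()
    return client_data, token.sign(page_origin, client_data)

def site_verify(key, my_origin, challenge, client_data, signature):
    # The real site recomputes the signature for its own origin and checks
    # the origin and challenge the browser recorded.
    msg = hashlib.sha256(my_origin.encode()).digest() + hashlib.sha256(client_data).digest()
    sig_ok = hmac.compare_digest(signature, hmac.new(key, msg, hashlib.sha256).digest())
    seen = json.loads(client_data)
    return sig_ok and seen["origin"] == my_origin and seen["challenge"] == challenge

def demo():
    token = ToyToken()
    challenge = os.urandom(16).hex()  # issued by the real site for this login
    # User is on the real site: origin matches, login accepted.
    direct = site_verify(token.key, REAL, challenge, *browser_sign(token, REAL, challenge))
    # User is on a look-alike page that forwards the same challenge: the
    # browser records the look-alike origin, so the real site rejects it.
    relayed = site_verify(token.key, REAL, challenge, *browser_sign(token, LOOKALIKE, challenge))
    return direct, relayed

if __name__ == "__main__":
    print(demo())  # (True, False)
```

A typed-in 2FA code carries no such origin, which is why it still works when entered on the wrong page.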

Even more importantly, you need your entire team to be able to identify the signs of a phishing attempt. While attacks like these can make it more challenging, a little bit of diligence can assist greatly in preventing them.

When all is said and done, 2FA phishing is just like regular phishing… there’s just the extra step of replicating the need for a second authentication factor. Therefore, a few general best practices for avoiding any misleading and malicious website should do.

First of all, you need to double-check and make sure you’re actually on the website you wanted to visit. For instance, if you’re trying to access your Google account, the login URL won’t be www - logintogoogle - dot com. Website spoofing is a very real way that (as evidenced above) attackers will try to fool users into handing over credentials.
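The same double-check can be automated, for example in a mail filter or a help-desk tool. The following is an added example, not code from the original post; the function name and the sample URLs (on reserved `.test` names) are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return (ok, reason) for a URL that claims to be expected_domain's login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None:
        # Everything before '@' is login info, not the site being visited.
        return False, "text before '@' is not the host; real host is " + host
    if host == expected_domain or host.endswith("." + expected_domain):
        return True, "host is " + host
    if expected_domain in host:
        # The expected name is only a label inside someone else's domain.
        return False, "expected domain buried inside another domain: " + host
    brand = expected_domain.split(".")[0]
    if brand in host:
        return False, "brand name used in an unrelated domain: " + host
    return False, "unrelated host: " + host

# Constructed sample URLs; only the first is a genuine google.com host.
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://www.logintogoogle.test/",
    "https://accounts.google.com.signin.test/",
    "https://accounts.google.com@signin.test/",
    "http://accounts.google.com/",
]

def run_samples():
    return [check_login_url(u, "google.com")[0] for u in SAMPLES]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_login_url(u, "google.com"))
```

The comparison is made on the parsed host name and on a dot boundary, so a name that merely contains or ends in the letters "google" does not pass.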

There are many other signs that a website, or an email, may be an attempt to phish you. Google has actually put together a very educational online activity on one of the many websites owned by Alphabet, Inc. Put your phishing identification skills to the test by visiting https://phishingquiz.withgoogle.com/, and encourage the rest of your staff to do the same!

For more best practices, security alerts, and tips, make sure you subscribe to our blog, and if you have any other questions, feel free to reach out to our team by calling (813) 749-0895.
