Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label 2FA bypass. Show all posts
Gmail Hack
2FA 2FA bypass Cyber Security Data Recovery email database discovery Gmail checkmark system Gmail Hack

How to Recover a Hacked Gmail Account Even After a Security Breach

 

Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and recovery options have been altered. Google’s account recovery system is designed to assist users in situations where hackers manage to bypass protections, such as two-factor authentication (2FA). The key is to begin the process from a device and location you frequently use to access your Gmail account. This could be your home or workplace, using the same browser or device. Providing as much accurate information as possible, such as previous passwords, is critical to proving ownership of the account and speeding up the process. 

There’s also a delay system in place that can put recovery requests on hold for a few hours or even several days, depending on the level of risk involved. While frustrating, this measure is a security feature designed to protect accounts from unauthorized access. If acted upon quickly, users may still be able to recover their account using the original recovery information, such as a phone number or email address, for up to seven days after the details are changed. 

If recovery through Google’s automated system is proving difficult, users with linked YouTube accounts have sometimes found success by contacting YouTube support. Social media channels have also proven helpful in expediting the recovery process in more complex cases.  

The question remains, how do hackers bypass Gmail’s security systems? One common method is session cookie theft, which involves stealing the data that keeps users logged in after 2FA has already been verified. By taking over these session cookies, hackers can change your account’s security settings without needing to go through 2FA again. 

To protect against these types of attacks in the future, Google recommends steps like using passkeys, which are more secure than SMS-based 2FA. Passkeys are resistant to phishing and hacking attempts that steal session cookies. Additionally, Google has implemented protective measures like frequent cookie rotation and device-bound session credentials to limit the effectiveness of such attacks. Taking proactive steps like enabling these features and always monitoring account activity can help you avoid falling victim to similar hacking attempts in the future.
Read more »
phishing
2FA bypass Account security Accounts Argentina Cyber Security Cybersecurity Digital Payment financial services fraud prevention Hacked online money transfer Payoneer phishing

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Despite Payoneer's SMS-based 2FA and password recovery process, which relies solely on SMS codes, users argue that the platform should not have had access to later OTP codes required for transactions if the attack was purely phishing-based.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.
Read more »
Phishing Attack
2FA bypass backup codes theft Cyber Fraud Instagram security online account protection Phishing Attack

Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection

 

A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication safeguarding users' accounts.

Two-factor authentication is a security layer demanding an extra form of verification during login. This commonly involves one-time passcodes sent via SMS, codes from authentication apps, or hardware security keys. Employing 2FA is crucial in shielding accounts in the event of compromised credentials, requiring a threat actor to access the user's mobile device or email to gain entry.

Instagram, when enabling 2FA, provides eight-digit backup codes as a fail-safe for scenarios like changing phone numbers, losing a device, or email access. However, these backup codes pose a risk if obtained by malicious actors, enabling them to seize Instagram accounts using unauthorized devices by exploiting the user's credentials, acquired through phishing or unrelated data breaches.

The phishing tactic involves sending messages alleging copyright infringement, claiming the user violated intellectual property laws, resulting in account restrictions. Users are then prompted to click a button to appeal, leading them to phishing pages where they unwittingly provide account credentials and other information.

Trustwave analysts discovered the latest iteration of this attack, where phishing emails mimic Meta, Instagram's parent company. The deceptive email warns users of copyright infringement complaints and urges them to fill out an appeal form to address the issue. Clicking on the provided button redirects the victim to a fake Meta violations portal, where they are prompted to click another button, purportedly for confirming their account.

This second click redirects to another phishing page resembling Meta's "Appeal Center" portal, prompting victims to input their username and password twice. After acquiring these details, the phishing site requests confirmation of 2FA protection and, upon affirmation, demands the 8-digit backup code.

Despite identifiable signs of fraud, such as misleading sender addresses and URLs, the convincing design and urgency of the phishing pages could still deceive a significant number of targets into divulging their account credentials and backup codes.

The importance of safeguarding backup codes is emphasized, with users advised to treat them with the same level of confidentiality as passwords. It is emphasized that there is never a legitimate reason to enter backup codes anywhere other than the official Instagram website or app, as a precaution against falling victim to such phishing campaigns.
Read more »
Subscribe to: Posts (Atom)