Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Accounts. Show all posts
Technology Updates
Accounts Cybercrime. Cybercriminal. Cyberthreats Cyberhackers Gmail Privacy Technology Updates

Gmail Under Attack: Secure a Backup Account

 


Having access to a Gmail account in the present world is rather dangerous because hackers create new ways of penetrating the account, even if it at times employs a 2FA security feature. While methods like passkey sign-ins and secure browsing have been adopted by Google, risks like session cookie theft remain a reality. Google Chrome users may encounter a pop-up alert stating, “Your password was exposed in a non-Google data breach” in their web browser. This alert notifies users of recent security breaches that may have compromised their account passwords. 

With 2.5 billion active users, Gmail is a prominent target for hackers aiming to compromise accounts and access sensitive information. Reports of sophisticated cyberattacks, including session cookie theft and two-factor authentication (2FA) bypassing, are rising. To safeguard email security, users are advised to consider proactive measures, such as setting up a secondary Gmail account, as waiting to act may increase vulnerability to 2FA-bypass attacks. For many, the risk of account compromise is a growing concern, as hackers employ session cookie-stealing tactics to bypass even the most robust 2FA protections. 

Cybercrime agencies strongly encourage enabling 2FA, yet cybercriminals continue to evolve methods for evading these safeguards. Google has made significant strides in enhancing security through features like secure pass-key sign-in across devices and safe browsing protections for Chrome users. The problem remains that attackers are now leveraging sophisticated tools to penetrate even Google's advanced encryption measures taken to prevent cookie theft, despite Google's efforts to protect its users. 

Even though a secondary Gmail account should not be used directly as a preventative measure against 2FA bypass attacks, it can still serve as a valuable backup in the event of a breach of users' primary Gmail accounts. There have been numerous discussions about this approach among users, such as those on the Gmail subreddit, where some users have shared their experiences of their accounts being compromised despite having 2FA enabled on their accounts. Creating a new Gmail account does not guarantee immunity from attacks, but it is one of the best ways to secure and protect any emails which are important and often irreplaceable. 

For this new account, it is suggested that users use different methods to ensure the maximum level of security. Set up 2FA, as an example, using a standalone authentication app instead of sending an SMS to the same phone number on which 2FA will be activated. As much as possible, link a user's new account to a different device or unique information if possible. Initially, users will have to set up a Gmail account that will allow them to forward their emails to this new account once they are all set up, but once this is done they will automatically receive a copy of their emails sent through their main Gmail account. 

Using this approach, they will be able to access their emails even if anything should happen to their primary email account. As an extra layer of security, consider signing up for Google's Advanced Protection Program to ensure that users' accounts are more secure, adding multiple security layers that make it more difficult for anyone to access the accounts without permission. In the case that a hacker does manage to gain access to a customer's primary Gmail account, having a backup account means that they will have to hack an account separately in case of a breach.

In the unlikely event that something untoward happens, it's a comforting safety net to fall back on. As there are no fees associated with setting up a second Google account, users could set up a second one using Gmail, a free web-based email account. For added security, users should take the following steps: first, sign out from any existing Google accounts, then go to the Google Account sign-in page and click on “Create Account” for added security.

To ensure maximum security, users should consider using a different device for the primary account, so that it will not be compromised if a single point of failure is found. Furthermore, it would be beneficial to choose a second-factor code generator rather than 2FA via SMS, such as an authentication app, which uses a unique code generator to generate users' second-factor code, thereby enhancing the security of their account. 

In conclusion, one of the best ways to further isolate a new account from potentially compromised accounts is to use varied personal information when establishing it. There is no dearth of web-based email platforms, but with Google's free web-based Gmail service, it is incredibly easy to set up separate accounts for each user. It is common for users to lose count of how many different apps they have on their phones, even though they only use two or three of them regularly. 

To ensure that this new account is as secure as possible and less likely to be compromised by a threat actor who succeeded in attacking the original account, either use a password tied to an entirely separate device or use two-factor authentication where users use a standalone app to generate the 2FA code rather than text messaging to the same number they used before. Users should try and fill in as much information as possible when setting up a new account to avoid making it less unique. Once the secondary email account has been established, the next step involves setting up a forwarding rule within the original Gmail account. 

By doing this, users can ensure that a copy of each email is automatically sent to the secondary account, providing a reliable backup in case the primary account is ever compromised. Implementing this backup method is a proactive way to safeguard important information against unexpected events. Although having email forwarding in place adds an extra layer of security, it’s important to note that, even if a malicious actor gains access to the original account, the secondary account remains secure as a standalone entity. Since the two accounts are independent of each other, each would need to be compromised separately for a complete breach to occur. This setup minimizes risks and provides an effective, manageable backup. 

In an era of increasingly sophisticated digital threats, proactively securing Gmail accounts has become a crucial task for individuals and organizations alike. Setting up a secondary account with distinct, robust security measures enhances protection and acts as a safeguard for sensitive data. Users who adopt additional defences—such as two-factor authentication (2FA) and other advanced security practices—are in a far better position to counteract potential cyberattacks. Today’s threat landscape demands a strategic approach to email security, where even the most secure accounts can face risks. Through these proactive steps, individuals create a resilient backup framework, ensuring their data remains accessible and protected regardless of evolving threats.
Read more »
phishing
2FA bypass Account security Accounts Argentina Cyber Security Cybersecurity Digital Payment financial services fraud prevention Hacked online money transfer Payoneer phishing

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Despite Payoneer's SMS-based 2FA and password recovery process, which relies solely on SMS codes, users argue that the platform should not have had access to later OTP codes required for transactions if the attack was purely phishing-based.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.
Read more »
Systems
Accounts Breached Accounts Cybersecurity Data Breach Hacking PayPal Systems

PayPal Users Should Check Their Accounts

 


It seems that scammers never cease trying to con people. Keeping customers' information private and secure is of the utmost importance to companies, so they use many ways to protect against a breach in their network. 

Despite these digital blockades, hackers have tried to figure out ways to get around them. As the world learns more about the use of technology, the methods criminals employ to commit theft are also improving. 

Until a few years ago, banks and credit card companies were plagued by much more serious issues related to ID theft than they are today. 

There is the potential for a data breach to occur at any time. Banks and credit card companies must comply with higher standards of data security than companies in the private sector.  

Only a company can take all the necessary steps to safeguard the data of its customers and employees. Login and password restrictions are one of the most annoying things customers face when using their services. The most effective way to ensure the safety of your personal information is not to use your login username as your e-mail address if you are concerned about the security of your personal information. 

As a result, they are even more vulnerable to possible hacking attempts. To keep your password secure, you should never reuse it. The company provides you with a login portal. In this portal, you are told that you cannot use the same password you used in the past. This is intended to protect you and not to annoy you. However, when it says you cannot use a password, it can be quite frustrating. 

This message will appear if you use the same password for the company's portal more than once. This puts you at risk for hackers as you place yourself at risk by reusing passwords. Despite the inconvenience of having a unique login and password, it is better to do so than to face the consequences of identity theft or other financial scams. 

The PayPal System Has Not Been Hacked

There is no need for you to panic, even though you may feel that the headlines are leading you to believe PayPal has been hacked. The company's network has not been compromised. To pull off the scam, credentials were stuffed, which is the kind of fraud perpetrated. Hackers use many combinations of logins to find the true ones, and with password-guessing techniques, they discover the original logins. In other words, it is a kind of onslaught attack against the network, but it does not break the system that protects the company's information and assets. A scammer finds the usernames for other companies that may or may not be as secure as the company in which they are located. This is done for the sake of cross-checking the usernames. 

A company that cleans houses and allows customers to have some login username and password will not have the same kind of data protection as PayPal (PYPL), which was designed to have robust protection for its users and data. There is a much higher chance of hackers being able to break into a less secure company data network. This is because the same login username is used by PayPal and the cleaning companies' customer portals. 

In this way, the hacker will be able to get access to passwords. Hackers use the data they collect to break into broader, safer networks, having access to this kind of data provides them with more opportunities to break into other websites and hack their data. 

It is only one hurdle scammers need to overcome if they wish to gain access to a unique username and password for the site. Having two-factor authentication does not necessarily mean that crooks cannot get through, but at least they will be slowed down. There were about 35,000 PayPal accounts that were hacked by these scammers in December by acquiring authentic usernames for these accounts. 

PayPal Can Assist in Repairing Breached Accounts  

As a result of this latest credential-stuffing attack, PayPal has contacted 34,942 customers whose accounts have been compromised. As part of this presentation, they learned how to better protect themselves and their accounts against cyberattacks in the present as well as in the future. Sometime between the 6th of December and the 8th of December last month, PayPal's customer accounts were compromised by an attacker. There was no notice of the breach until mid-December. 

It is also imperative for customers to use unique usernames and passwords for all of their online accounts to help protect themselves and their accounts. While having original passwords and usernames is a time-consuming and sometimes inconvenient process, it is also one of the easiest and most cost-effective ways to protect individuals' digital identity and their personal information in the digital world. As reported by CNET, Equifax by PayPal company has also offered two years of free identity theft monitoring to affected accounts. 
Read more »
Subscribe to: Posts (Atom)