About Us

IT Services

Electronic Security

Knowledge Center

News & Events



Contact Us

  • Register

Prosper Solutions Blog

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

What has proven to be one of the more effective ways of preventing phishing attacks may be under fire from more advanced threats designed specifically to penetrate the defenses of two-factor authentication. This means that users need to be more cognizant of avoiding these attacks, but how can you help them make educated decisions about this? Let’s start by discussing the phishing attacks that can beat 2FA.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are several methods used by hackers to bypass the security benefits of 2FA. Some phishing attempts have managed to find success in convincing users to have over both their credentials and the 2FA code that is generated by a login attempt. As reported by Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing fake page to reset their Google password. Sometimes fake emails can be quite convincing, making the trickery much more difficult to identify.

As Amnesty International looked into the attacks, they found that the attacks were using an automated solution to launch Chrome and submit information the user entered into their end. This meant that the 30-second time limit imposed by 2FA was of no concern.

In November 2018, an application on a third-party app store posed as an Android battery utility tool was found to be stealing funds from a user’s PayPal account. The application would change the device’s Accessibility settings to enable an accessibility overlay feature. Once it was in place, the user’s clicks would be mimicked, giving hackers the ability to send funds to their own PayPal account.

Yet another method of attack was shared publicly by Piotr Duszynski, a Polish security researcher. This method, named Modlishka, created a reverse proxy that intercepted and recorded credentials as the user attempted to plug them into an impersonated website. Modlishka would then send the credentials to the real website to hide the fact that the user’s credentials were in fact stolen. Even worse yet, if the person using Modlishka is nearby, they can steal the 2FA credentials and use them very quickly.

Protect Yourself Against 2FA Phishing Schemes

The first step toward preventing 2FA phishing attacks is to make sure you actually have 2FA implemented in the first place. While it might not seem like much of a help (after all, these attacks are designed to work around them), it is much preferable to not having 2FA at all. The most secure method of 2FA at the moment uses hardware tokens with U2F protocol. Most important of all, however, is that your team needs to be trained on the giveaway signs of phishing attacks. With these attempts that target 2FA solutions, it might not be immediately apparent, which is why it’s all the more important to remain vigilant.

At its heart, 2FA phishing is just like regular phishing, plus an additional step to bypass or replicate the secondary authentication method. Here are a few tips to ensure best practices are followed regarding phishing attempts:

  • First, check to make sure that the website you’re using is actually the one it claims to be. For example, if you’re logging in to your Google account, the login URL wouldn’t be something like logintogoogle.com. You wouldn’t believe how often spoofers will fool users in this way.
  • To help you better understand other signs of phishing attacks, check out this phishing identification skills quiz by Alphabet, Inc. We encourage your staff also look into it.

To learn more about phishing attacks, be sure to subscribe to our blog.

Tip of the Week: Using Cloud Services for Your Bus...
Interpreting Analytics Isn’t Always Cut and Dry


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, April 23, 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Telephone outsource cloud computing Windows 7 Social clout services Accountants A.I. Rapid City iPhone Application Hard Drive Voice over Internet Protocol Specifications SSID Net Neutrality Update Gadgets Remote Computing Digital Legal Fileless Malware Text Messaging Work/Life Balance Health IT Tip of the week Fake News Private Cloud Website Gamification Addiction Business Intelligence Automation cloud storage Intranet Tracking DDoS Data Security Phishing Technology Tips Google Play Patch Management eWaste Software as a Service Keyboard Disaster Network Congestion GDPR In Internet of Things Business Mangement Law Enforcement Society G Suite Windows 8 uptime Web Server Collaboration Consultation CrashOverride Data storage Electronic Payment Browsers Users Outsourced IT Maintenance Taxes Virtual Reality Vendor Management Encryption Content Managed IT Service the Internet of Things WiFi Solid State Drive Content Filtering Username File Sharing Managing Stress Navigation Unified Threat Management Hard Drive Disposal Fiber-Optic Computers Reliable Computing Data Warehousing History Skype Company Culture Freedom of Information Computing Infrastructure Bitcoin Computing Rental Service Marketing communications Twitter Business Cards Management Government Lithium-ion battery Small Business Printer Running Cable Staffing Books Download Windows10 Retail Printers Computer Malfunction Migration Micrsooft Proxy Server Heating/Cooling Mobility Current Events Permissions Tactics Uninterrupted Power Supply IT Consultant Tip of the Week Productivity Cleaning Social Engineering Automobile Writing Black Market Settings Business Management Touchscreen Securty App Legislation Knowledge Project Management Thank You Emergency Fraud Virtual Desktop Business Continuity Augmented Reality Cooperation Unified Threat Management User Tips Memory Chrome IT Support Holiday Worker Education Gmail hardware Internet of Things HIPAA Network Security Managed Service Provider HTML Start Menu Training Computer Smartphones IT Going Green Cost Management Employer Employee Relationship Printing Bring Your Own Device Managed IT Downloads Wi-Fi Citrix Xenapp Competition Customer Service Storage Managed IT Services User Tip Wireless Technology Remote Monitoring Cryptocurrency Telephony SharePoint Facebook Mobile Security Backup and Disaster Recovery Workplace Tips Vendor Mangement Security Data Breach Google Drive Connected Devices Device security Data Analysis Data Management Communication Television Telephone Systems Hacking Mobile Devices Search Troubleshooting SaaS Co-Managed IT Social Network Botnet Regulation Spam Enterprise Resource Planning Hosted Solutions Firewall Chamber Integration Document Management Managed Service Corporate Profile Efficiency Robot Best Practice Windows XP Human Resources Cybercrime Error Trending Data Recovery Data Machine Learning Paperless Office Scam Domains Administrator Mobile Device Management Processor Hard Drives Server Assessment Customer Resource management Statistics Network Distribution Entrepreneur PDF Relocation Computer Care Google Wallet Help Desk BYOD IT Plan Messenger Database Tablets outsource cloud storage Experience Dark Web Data Backup Read Tablet Tech Support Email User Information Technology switches Best Available Apps Hackers Malware Mouse IP Address Word Microsoft Mobile Device Public Speaking Computer Accessories Evernote Workers Professional Services Displays Presentation UTM Passwords Windows Samsung Solutions Health WannaCry Virus Gaming Console Physical Security Analytic Banking Antivirus Multi-factor Authentication Environment IT Support cloud Two-factor Authentication Business Bata Backup Term Internet IT service Digital Signature Hacker Monitoring Safety cyber security Distributed Denial of Service Budget Software License Cache Startup Downtime Sports User Error Hiring/Firing LiFi Cybersecurity Bookmark IT Management Risk Management Emails Travel Value Google Maps Processors Laptop Unified Communications Business Technology BDR Nanotechnology Shortcut Microsoft Excel Analytics Monitors Microchip PowerPoint Browser Outlook Teamwork Social Media Healthcare Cabling Politics Bandwidth Mobile Payment Medical IT Scalability Hosted Solution Data Loss Finance Office Tips 3D Printing CCTV Operating System email scam Big data Artificial Intelligence Pain Points Saving Time Inbound Marketing cloud computing Vulnerability Business Growth Flash Piracy YouTube Alert Networking Compliance Hacks Mobile Technology Transportation Electronic Medical Records Programming Vulnerabilities Drones VoIP Electricity Virtual Assistant Windows Server 2008 Google Docs Miscellaneous End of Support Conferencing IBM Virtualization Privacy Microsoft Office Administration Software Equifax Computer Repair Applications Google Calendar Webcam Redundancy Congratulations Meetings Cortana Directions Flexibility Cost Deep Learning Mobile Computing Password Router Backup Technology Wireless Headphones Patching Productuvuty Smartphone Tech Access Money Managed IT services Business Computing Saving Money Visible Light Communication Smart Tech News Blockchain Tech Term Logistics Licensing IT Services Public Cloud Time Management Apple Avoiding Downtime Vendor Security Cameras Proactive IT Product Reviews Office Save Money Productivity Notifications Wireless Identity Theft Phone System Asset Tracking Employer-Employee Relationship Telephone System Language Motion Sickness Best Practices Streaming Media Service Level Agreement Devices Fleet Tracking VoIP Data Protection Android Sync Upgrades Upload Disaster Recovery Chromebook Comparison Office 365 Business Metrics Social Networking Google Customer Relationship Management Network Management Reading Windows 10 Multi-Factor Security Access Control Save Time Bluetooth Trends Hack Digital Payment Music MSP Ransomware How To Desktop VPN Capital Spyware Regulations Excel Upgrade IT consulting Modem Recovery Tech Terms Audit USB Supercomputer Entertainment Advertising Windows 10 Processing Microsoft 365 Screen Reader Quick Tips CIO Documents Information Business Owner Websites Innovation

Latest News & Events

Prosper Solutions is proud to announce the launch of our new website at http://www.prospersolutions.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Prosper Solutions can do for your business.

Call Us Today
Call us today
(617) 369-9977

150 Eastern Ave, Second Floor
Chelsea, Massachusetts 02150