Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

Logo

 
 Popular Services
 (347) 830-7322

Logo

 

Tekie Geek Blogs

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

What has proven to be one of the more effective ways of preventing phishing attacks may be under fire from more advanced threats designed specifically to penetrate the defenses of two-factor authentication. This means that users need to be more cognizant of avoiding these attacks, but how can you help them make educated decisions about this? Let’s start by discussing the phishing attacks that can beat 2FA.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are several methods used by hackers to bypass the security benefits of 2FA. Some phishing attempts have managed to find success in convincing users to have over both their credentials and the 2FA code that is generated by a login attempt. As reported by Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing fake page to reset their Google password. Sometimes fake emails can be quite convincing, making the trickery much more difficult to identify.

As Amnesty International looked into the attacks, they found that the attacks were using an automated solution to launch Chrome and submit information the user entered into their end. This meant that the 30-second time limit imposed by 2FA was of no concern.

In November 2018, an application on a third-party app store posed as an Android battery utility tool was found to be stealing funds from a user’s PayPal account. The application would change the device’s Accessibility settings to enable an accessibility overlay feature. Once it was in place, the user’s clicks would be mimicked, giving hackers the ability to send funds to their own PayPal account.

Yet another method of attack was shared publicly by Piotr Duszynski, a Polish security researcher. This method, named Modlishka, created a reverse proxy that intercepted and recorded credentials as the user attempted to plug them into an impersonated website. Modlishka would then send the credentials to the real website to hide the fact that the user’s credentials were in fact stolen. Even worse yet, if the person using Modlishka is nearby, they can steal the 2FA credentials and use them very quickly.

Protect Yourself Against 2FA Phishing Schemes

The first step toward preventing 2FA phishing attacks is to make sure you actually have 2FA implemented in the first place. While it might not seem like much of a help (after all, these attacks are designed to work around them), it is much preferable to not having 2FA at all. The most secure method of 2FA at the moment uses hardware tokens with U2F protocol. Most important of all, however, is that your team needs to be trained on the giveaway signs of phishing attacks. With these attempts that target 2FA solutions, it might not be immediately apparent, which is why it’s all the more important to remain vigilant.

At its heart, 2FA phishing is just like regular phishing, plus an additional step to bypass or replicate the secondary authentication method. Here are a few tips to ensure best practices are followed regarding phishing attempts:

  • First, check to make sure that the website you’re using is actually the one it claims to be. For example, if you’re logging in to your Google account, the login URL wouldn’t be something like logintogoogle.com. You wouldn’t believe how often spoofers will fool users in this way.
  • To help you better understand other signs of phishing attacks, check out this phishing identification skills quiz by Alphabet, Inc. We encourage your staff also look into it.

To learn more about phishing attacks, be sure to subscribe to our blog.

Tip of the Week: Using Cloud Services for Your Bus...
Interpreting Analytics Isn’t Always Cut and Dry
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, April 19, 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Cybercrime Equifax Samsung Google Maps Settings Printers Chromebook data loss Hardware Solutions Hard Drive Tip of the Week Windows XP Health Workers Digital Payment Big Data Education VPN VoIP Robot Patch Management App Evernote Hosted Solutions IT Management Devices Administration managed it services Documents Screen Reader Hardware Managing Stress Reliable Computing Hacks Efficiency Save Money Multi-Factor Security Social Network Data Security Smartphone Health IT Hosted Solution Apps Data Analysis Browsers Safety Text Messaging Company Culture Smartphones WiFi CryptoLocker Best Practice computer support firms Voice over Internet Protocol Management VoIP History Device security IT support NYC computer support Managed IT Services Employer-Employee Relationship 3D Printing Vendor Mangement Legislation Managed Service Provider Remote Monitoring Supercomputer Tech Support IBM Tablets Retail IT support Cache Software as a Service Language Telephony Database Productivity Windows 10 Staffing Staten Island tech support Encryption Legal Mobile Device datto Google Wallet User Tips Running Cable Two-factor Authentication Router Communication Google Google Play Going Green Spam Automobile Upload IT support Staten Island Access Control Facebook IT consulting firms Bluetooth Virtualization User Tip managed IT services NYC Android Solid State Drive Mobile Security Conferencing Digital Network Management Tracking Machine Learning Streaming Media Unified Communications Hard Drive Disposal Proxy Server Customer Resource management Monitors Displays Electronic Medical Records Access Mobile Devices Fileless Malware Knowledge Cybersecurity Deep Learning Hackers Network Bring Your Own Device Tech Managed IT Paperless Office Motion Sickness Vendor Startup Office Music Microsoft Office Computing Gmail IT consulting end-user files Computers IT consulting Staten Island Printing IT services Staten Island Transportation iPhone Search Accidental deletion Workplace Tips Scam The Internet of Things staten island managed services communications Tech Term Excel Specifications Compliance tech support SSID Integration How To Securty Wi-Fi Data Breach Printer Network Congestion Tip of the week Drones Webcam Lenovo Notifications Cleaning Comparison PowerPoint Cloud computing Staten Island Nanotechnology Data Small Business Bandwidth Mobile Technology Email Computing Infrastructure Antivirus Employer Employee Relationship Hiring/Firing Vendor Management Administrator Downloads Domains File Sharing Error Accountants data recovery Malware Vulnerability Sports Miscellaneous Website Data Management Windows 8 today ’s organizations Thank You IT consulting Staten island Medical IT ransomware attacks Term Best Practices Money Microsoft 365 News managed services Staten Island Work/Life Balance Mouse Wireless Technology Piracy Hacking BYOD Firewall Information Technology Office 365 Advertising malware Hard disk Networking Computer Care computer services Staten Island IT services NYC Content Filtering Business IT services New York City Augmented Reality Artificial Intelligence Software Laptops Gadgets Start Menu Business Mangement Google Drive Cabling Training Television Modem Touchscreen Trends Mobile Device Management Telephone Systems Virus Twitter Business Management Unified Threat Management Customer Service Entertainment Government Hack Budget Writing Downtime Unified Threat Management Powerful Technology Solutions Staten Island IT support IT support Staten Islans Rental Service Apple Tech Terms Data storage Staten Island computer support Meetings Emergency Passwords Content G Suite Spyware Project Management malware worms Upgrade PDF Distributed Denial of Service computer repair IT consulting company HTML Virtual Assistant DDoS Cloud Redundancy Black Market Processor Scalability email scam Backup Service Level Agreement Recovery Network Security Cooperation Hacker eWaste Uninterrupted Power Supply Society Outsourced IT computer services computer repair Staten Island Username Private Cloud Social SaaS IT Support Automation Managed IT Services Bitcoin Workstations Corporate Profile Worker Wireless Headphones Innovation Directions Navigation Password Social Engineering Collaboration Saving Money Desktop Managed Service Business Cards Microsoft Holiday Wireless Web Server Relocation Flexibility Ransomware Emails Remote Computing Help Desk tech support Staten Isalnd IT consulting firm Congratulations Google Docs Laptop Applications computer support NYC Regulations YouTube Tablet Business Technology managed IT services staten island Banking Botnet Travel Bookmark Business Growth IT consulting NYC Business Continuity Mobility Cloud Computing Technology managed services Windows 10 tech support Staten Island Processors Vulnerabilities Download Windows Word Flash IT support firms Software License Google Calendar In Internet of Things CCTV Microchip Experience IT Services Business Metrics Law Enforcement Saving Time Cortana Productivity Websites Alert Fake News Multi-factor Authentication Internet Information Update BDR Public Cloud Cost Management Document Management IT support New York City Privacy Virtual Desktop Tactics Memory Freedom of Information Lithium-ion battery Computer Malfunction Data Backup Telephone System SharePoint Quick Tips Taxes Solutions it support Virtual Reality Healthcare Maintenance LiFi Physical Security Telephone End of Support Windows 7 Browser Operating System Blockchain Monitoring Disaster Recovery Disaster Office Tips IT Consultant Security Identity Theft Politics Phishing Proactive IT Regulation Security Cameras Professional Services Data Protection Visible Light Communication Internet of Things Cryptocurrency Microsoft Excel Time Management Audit Users Gamification Business Computing CrashOverride Server Analytics Computer Social Media Outlook computer support Staten Island Addiction Backup and Disaster Recovery Staten Island IT consulting data recovery Staten Island

Newsletter Sign Up