Two-Factor Authentication has been known to act as an extra layer of protection for your accounts until now. Google has recently noticed an increase in phishing scams defeating the common security setup. The attacks, referred to as “2FA phishing attacks” work by tricking the victim into handing over both their password and their special one-time passcode protecting their Gmail account. The one-time passcode is generally harder to obtain, but hackers are now using “phishing kits” to obtain both codes quickly. The kit steals the password and passcode as the user types it in, breaking into the account within the 30-second time limit.
While 2FA still remains better than single factor authentication, attackers are actively trying to defeat this. Google is trying to defeat the attackers by blocking login attempts from unfamiliar geographic locations as well as warning you about emails that appear suspicious. The latest recommendation to stay protected can be costly, in the form of a hardware-based solution: USB security keys. Here, the one-time passcode in two-factor authentication is stored in the physical piece of hardware that can be plugged into your PC to access. The technology is said to make an organization “unphishable”.
To learn more about the increased phishing attacks, and how to stay protected, visit here.