Gmail: how hackers bypass two-step verification

Recent waves of attacks show that the extra code received by SMS does not completely protect users from intrusion into their account. We must remain vigilant.


If you have a Gmail account, perhaps you have also enabled two-factor authentication to protect it against intruders. This means that to identify yourself, you complete the password entry with a second code received via SMS or generated by the mobile Google Authenticator app. That is fine, but it is no reason to let your guard down completely, because this safety feature can be bypassed, and hackers are actively doing so.

The Citizen Lab research laboratory has just published a report on a series of attacks that targeted members of the Iranian diaspora and civil rights activists. These examples show that to trap their targets, hackers have to work quite hard. Indeed, they must get hold of not one code but two. Moreover, since the second code has a short lifespan, the interception must happen at the very moment the user is trying to log in.

Phishing and real-time interception


To achieve this, the hackers described by Citizen Lab created fake Google sites and encouraged their victims to log in to them, using various phishing techniques. For instance, victims received a fake alert email reporting a login attempt, with a link to log in quickly and change their password. Another method: sending by email a link to a Google Drive document under the pretext of an interesting project or a press interview. In those cases, the email was preceded by a phone call, just to raise the level of trust.


If the victim falls for it and clicks the link, she is redirected to a site that impersonates Google and displays a fake login page. The user enters her password. It is intercepted by the attacker, who immediately logs in to the real Google account, which triggers the sending of the second code. The user then enters the second code on the fake page, and the attacker, again, immediately enters it on the real Google page. And bingo, the hacker has won!

It is perfectly possible to thwart these attacks, provided you are aware of them. Sometimes the fake emails contain errors or inconsistencies: the alert message indicated "The Iran" as the origin of the connection, instead of just "Iran", and the interview proposal referred to "Reutures" instead of "Reuters".

Next, you must verify the sender's email address. In one case, the attacker used "no-reply@support.qooqle.com", replacing Google's "g" with a "q". Rather subtle, because email addresses are rarely scrutinized closely. Finally, the URL of the login page must always be checked. If the famous padlock is missing or the address does not point to "accounts.google.com", then it is a scam.
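The two checks above (sender domain and login URL) can be automated. The following is an added example, not code from the article or from Citizen Lab; it assumes a single legitimate sign-in host, "accounts.google.com", a single legitimate sender domain, "google.com", and a small hand-picked table of look-alike substitutions such as the "q" for "g" swap seen in "qooqle.com".

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only genuine sign-in host and sender domain.
LEGIT_LOGIN_HOST = "accounts.google.com"
LEGIT_SENDER_DOMAIN = "google.com"


def normalize(label: str) -> str:
    """Fold common look-alike substitutions so 'qooqle' compares equal to 'google'."""
    label = label.lower().replace("rn", "m").replace("vv", "w")
    return label.translate(str.maketrans({"q": "g", "0": "o", "1": "l"}))


def is_lookalike(candidate: str, legit: str) -> bool:
    """True when the name differs from the real one only by look-alike characters."""
    return candidate != legit and normalize(candidate) == normalize(legit)


def check_login_url(url: str) -> str:
    """Classify a sign-in URL: the padlock (https) and the exact host both matter."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname ignores user@ and path tricks
    if parts.scheme != "https":
        return "suspicious: no TLS (no padlock)"
    if host == LEGIT_LOGIN_HOST:
        return "ok"
    if is_lookalike(host, LEGIT_LOGIN_HOST):
        return f"suspicious: look-alike host {host}"
    # Covers 'accounts.google.com.evil.example' and paths containing 'google'.
    return f"suspicious: host {host} is not the Google sign-in host"


def check_sender(address: str) -> str:
    """Classify a From: address by its registrable domain (crudely, last two labels)."""
    domain = address.rsplit("@", 1)[-1].rstrip(">").lower()
    registrable = ".".join(domain.split(".")[-2:])
    if registrable == LEGIT_SENDER_DOMAIN:
        return "ok"
    if is_lookalike(registrable, LEGIT_SENDER_DOMAIN):
        return f"suspicious: look-alike sender domain {domain}"
    return f"suspicious: sender domain {domain} is not {LEGIT_SENDER_DOMAIN}"


if __name__ == "__main__":
    # Constructed samples; the qooqle address is the one quoted in the article.
    for sample in ("https://accounts.google.com/signin",
                   "https://accounts.google.com.evil.example/signin",
                   "https://accounts.qooqle.com/"):
        print(sample, "->", check_login_url(sample))
    print(check_sender("no-reply@support.qooqle.com"))
```

The registrable-domain rule is deliberately naive (it mis-handles suffixes such as co.uk) and says nothing about whether the From: header was actually authenticated; it only catches the display-level tricks the article describes.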

To enable two-factor authentication on your Google account, log on to https://myaccount.google.com, then click "Signing in to Google" and "2-Step Verification".