Phishing Attack Bypasses Two-Factor Authentication

Two-factor authentication (2FA) adoption has been pushed and encouraged around the world to strengthen login security and protect customers' data. 2FA has helped businesses and consumers improve security, but attackers have found ways to circumvent this best practice through social engineering. The tool described in the article essentially creates an email with a fake, but similarly spelled, URL (linkedin to linked). Once the link in the email is clicked, it takes the user to a page that resembles the real web page, where they are prompted for their username and password. The attacker captures not only the username and password but also the session cookie. With the session cookie, the attacker does not need the username, password or 2FA code: they paste the session cookie into their own browser's developer tools and hit refresh, which puts them in the same session as the user. Businesses are urged to ensure their users have access to education and training, conduct simulated phishing attacks, and put employees through updated security awareness training.
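The property the relayed login above lacks is origin binding. As an added example (not code from the article or the tool it describes), the exchange below models a challenge-response login in the style of WebAuthn: the device signs the server's challenge together with the origin the browser actually connected to, so a challenge relayed through a lookalike domain produces a signature over the wrong origin and is rejected. The relying-party origin, user name and lookalike domain are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Assumed relying party origin (constructed for this example).
const legitOrigin = "https://www.example.com"

// message is what the authenticator signs: a fixed-length challenge followed by
// the origin the browser actually connected to, which no proxy gets to choose.
func message(challenge []byte, origin string) []byte {
	return append(append([]byte{}, challenge...), origin...)
}

// Authenticator holds the user's private key, which never leaves the device.
type Authenticator struct{ priv ed25519.PrivateKey }

func (a Authenticator) Sign(challenge []byte, browserOrigin string) []byte {
	return ed25519.Sign(a.priv, message(challenge, browserOrigin))
}

type RelyingParty struct {
	keys       map[string]ed25519.PublicKey // registered per user
	challenges map[string][]byte           // one outstanding challenge per user
}

func (rp *RelyingParty) Challenge(user string) []byte {
	c := make([]byte, 32)
	rand.Read(c)
	rp.challenges[user] = c
	return c
}

// Verify rebuilds the message with the server's own origin, so a signature made
// while the browser sat on a lookalike domain does not verify.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	c, ok := rp.challenges[user]
	delete(rp.challenges, user) // challenges are single use
	pub, known := rp.keys[user]
	return ok && known && ed25519.Verify(pub, message(c, legitOrigin), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rp := &RelyingParty{keys: map[string]ed25519.PublicKey{"alice": pub}, challenges: map[string][]byte{}}
	auth := Authenticator{priv}
	direct := rp.Verify("alice", auth.Sign(rp.Challenge("alice"), legitOrigin))
	// The proxy relays the genuine challenge, but the victim's browser is on the lookalike.
	relayed := rp.Verify("alice", auth.Sign(rp.Challenge("alice"), "https://www.examp1e.com"))
	fmt.Println(direct, relayed) // true false
}
```

A one-time code typed into the lookalike page carries no such binding, which is why the proxy in the article can simply relay it. This protects the login step only; a session cookie issued afterwards is still a bearer token, so the replay the article describes needs separate controls such as short session lifetimes and anomaly detection on session use.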


Relevant URL(s): https://www.darkreading.com/endpoint/phishing-attack-bypasses-two-factor-authentication/d/d-id/1331776