Friday, 4 September 2015

Two-Factor Authentication Frustrates Phishers

Turning on two-factor authentication for email accounts appears to be a difficult problem for phishers, let examination of Canadian Citizen Lab see. The organization writes a sizeable phishing campaign against Iranian people and a director of the American civil rights organization EFF.

Two-factor authentication ensures that must be entered when logging an additional code. This code is received via SMS or can be generated via an app. However, the code has a limited validity. This allows phishers to try in real-time to get both the password of the account if the two-factor code. During the phishing campaign Citizen Lab describes using various tactics.Thus users received a text message which seemed to come from Google and suggested that there was someone else at the account login.

Shortly after the SMS was sent a phishing mail that warned of the accused login attempt. The message was a link to enable users to reset their password. The link pointed to a phishing site where the password must be entered as a two-factor code.The attack failed when the attackers in a short time more than ten text messages sent out to the target to increase the pressure.


In the case of the EFF headmistress she got a call from someone posing as a journalist and wanted to interview her. Then the director received an e-mail with a link to a document on the phishing page. Since the link has not been opened to the phisher was frustrated and sent a new message. Eventually he called the director frustrated and asked if she wanted to open the link, since the mail was now sent from his personal account.

According to Citizen Lab shows the campaign that two-factor authentication, and the attention of users, ensures that attackers need to do much more effort to gain access to an account. In addition, users are advised to use an app to generate the two-factor code, as it offers more security than a text message.

No comments:

Post a Comment