
Hacker beats two step authentication with simple phishing attack.

  • Frederik Herholdt
  • May 10, 2018
  • 2 min read

A security researcher has recently demonstrated how you can be hacked through a phishing attack, even when two-step authentication is enabled.


Two-step authentication is a security measure used to protect users' online accounts. How it works: when the user logs into their account, they are taken to a second page where they are required to enter a code or PIN sent to their mobile phone. See video below.


A hacker, Kevin Mitnick, uploaded a video to YouTube showing just how easy it is to exploit a user's information when the victim clicks through to a "fake login page".


The attack begins with an email requesting the user to connect on a social platform, in this case LinkedIn. Clicking a link in the email directs you to the authentic login page of the social platform on which the hacker wants to take over your account. The catch is that the link clicked on in the email first goes through the hackers before reaching the authentic site; this way they record the web activity.


The site requests your username, password, and authentication code, which it passes to the legitimate site to log you in, capturing the session cookie in the process. With the session cookie, captured with the help of the link clicked on in the email, the hacker can log in whenever they want, according to the report.


While the attack was demonstrated on LinkedIn, Mitnick’s company KnowBe4 warned that the attack could be weaponised for any site.

How can you stop this from happening to you?

STELLENBIZ picked up a few precautionary measures you can take to stop this from happening to you.

  • Check that the email you received comes from a legitimate source and email address.

  • Before clicking on any link within an email, hover over it and check in the bottom-left corner of your desktop screen that the link goes where it says it does.

  • Go through your email settings and check that your spam filters are enabled correctly.

  • As a rule of thumb, never log into your social platforms via email invitations from people unknown to you.

Posted 10 May 2018 | Frederik Herholdt.
