Nutty Malware Can Wipe Out Two-Factor Authentication
This once tried and true security method is under fire by hackers.
Two-factor authentication has garnered plenty of praise as one of the most secure ways to sign into an online or mobile account without getting hacked. However, cybercriminals have now developed a piece of malware that can wipe out two-factor authentication and steal your data through a phishing email.
Read More: 5 Tips to Determine if an Email is Actually a Phishing Scam
While you should still implement this type of authentication on all your accounts, protect yourself further with an antiphishing app that adds another layer of security to your device and data. With dfndr security, your phone will have an anti -hacking feature that protects your device and warns you of malicious links, blocks them, and prevents you from falling for phishing emails.
Here’s what you should know about the malware that can wipe two-factor authentication.
Not as Powerful as it Looks
Security researchers released a video that shows how easy it is to take over an account or someone’s personal information, even with this type of authentication. The video revealed a phishing email with a bit of code that can steal or compromise the login information of a user by placing the code into a login box.
Fraudulent LinkedIn Email
The phishing scam sends what appears to be a legitimate LinkedIn email showing that someone is trying to connect with them through the social media site. The researchers showed that if you look closely, the return address of the email is not correct as it’s actually a spoofed version of LinkedIn.
What Happens Next?
If the target falls for the phishing email and clicks the “interested” button, the malware will then be downloaded onto the victim’s device. The email then takes the victim to the real LinkedIn site where they log in their information to complete the connection process, including having the site send an access code to the account holder’s phone.
While this is going on, the malware in the background has gained control of the email and password linked with the victim’s account, along with the session cookie. The criminal can then use the victim’s information to log into their account, even without two-factor authentication and without the victim’s device.
Scary Stuff! What Should I Do?
Naturally, two-factor authentication will not help you at this stage, so the best thing you can do is download an antivirus app like dfndr security that has antiphishing technology, but don’t just leave it up to a security app, be sure to always check emails closely. The sender address, how the email is composed (language and punctuation), and the urgency level are some clues to whether or not an email is legitimate.