{"id":19360,"date":"2018-09-10T16:29:32","date_gmt":"2018-09-10T20:29:32","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=19360"},"modified":"2022-04-27T14:55:37","modified_gmt":"2022-04-27T18:55:37","slug":"two-factor-authentication-malware-linkedin-phishing-scam","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/two-factor-authentication-malware-linkedin-phishing-scam\/","title":{"rendered":"Nutty Malware Can Wipe Out Two-Factor Authentication"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Two-factor authentication has garnered plenty of praise as one of the most secure ways to sign into an online or mobile account without getting hacked. However, cybercriminals have now developed <\/span><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/phishers-spread-hacked-linkedin\/\"><span style=\"font-weight: 400;\">a piece of malware<\/span><\/a><span style=\"font-weight: 400;\"> that can wipe out two-factor authentication and steal your data through a phishing email.<\/span><\/p>\n<p><b>Read More: <\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/5-tips-to-determine-if-an-email-is-actually-a-phishing-scam\/\"><b>5 Tips to Determine if an Email is Actually a Phishing Scam<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">While you should still implement this type of authentication on all your accounts, protect yourself further with an antiphishing app that adds another layer of security to your device and data. With <\/span><span style=\"font-weight: 400;\"><a href=\"https:\/\/app.appsflyer.com\/com.psafe.msuite?pid=MKT_BLOG_US&amp;c=malware_2-factor_authentication\" target=\"_blank\" rel=\"noopener\">dfndr security<\/a>,<\/span><span style=\"font-weight: 400;\"> your phone will have an <\/span><span style=\"font-weight: 400;\">anti -hacking<\/span><span style=\"font-weight: 400;\"> feature that protects your device and warns you of malicious links, blocks them, and prevents you from falling for phishing emails.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s what you should know about <\/span><a href=\"https:\/\/gbhackers.com\/bypass-two-factor-authentication\/\"><span style=\"font-weight: 400;\">the malware<\/span><\/a><span style=\"font-weight: 400;\"> that can wipe two-factor authentication.<\/span><\/p>\n<p><b>Not as Powerful as it Looks<br \/>\n<\/b><span style=\"font-weight: 400;\">Security researchers released a video that shows how easy it is to take over an account or someone\u2019s personal information, even with this type of authentication. The video revealed a phishing email with a bit of code that can steal or compromise the login information of a user by placing the code into a login box.<\/span><\/p>\n<p><b>Fraudulent LinkedIn Email<br \/>\n<\/b><span style=\"font-weight: 400;\">The phishing scam sends what appears to be a legitimate LinkedIn email showing that someone is trying to connect with them through the social media site. The researchers showed that if you look closely, the return address of the email is not correct as it\u2019s actually a spoofed version of LinkedIn.<\/span><\/p>\n<p><b>What Happens Next?<br \/>\n<\/b><span style=\"font-weight: 400;\">If the target falls for the phishing email and clicks the \u201cinterested\u201d button, the malware will then be downloaded onto the victim\u2019s device. The email then takes the victim to the real LinkedIn site where they log in their information to complete the connection process, including having the site send an access code to the account holder\u2019s phone.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While this is going on, the malware in the background has gained control of the email and password linked with the victim\u2019s account, along with the session cookie. The criminal can then use the victim\u2019s information to log into their account, even without two-factor authentication and without the victim\u2019s device.<\/span><\/p>\n<p><b>Scary Stuff! What Should I Do?<br \/>\n<\/b><span style=\"font-weight: 400;\">Naturally, two-factor authentication will not help you at this stage, so the best thing you can do is download an antivirus app like dfndr security that has antiphishing technology, but don\u2019t just leave it up to a security app, be sure to always check emails closely. The sender address, how the email is composed (language and punctuation), and the urgency level are some clues to whether or not an email is legitimate. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This once tried and true security method is under fire by hackers.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[30,249,67],"class_list":["post-19360","post","type-post","status-publish","format-standard","hentry","category-security","tag-android","tag-security","tag-smartphone"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/19360","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=19360"}],"version-history":[{"count":15,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/19360\/revisions"}],"predecessor-version":[{"id":19388,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/19360\/revisions\/19388"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=19360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=19360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=19360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}