Real-Time Attacks Against Two-Factor Authentication
Attackers are targeting two-factor authentication systems:
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.
This isn’t new. I wrote about this exact attack in 2005 and 2009.
AJWM • December 14, 2018 11:53 AM
The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages.
This is why you don’t let your email client download images or follow web links. (Or ideally, interpret HTML at all.)