Address:
CritchCorp Computers Ltd
132 - 134 Great Ancoats Street
Manchester
M4 6DE
(Official Correspondence only)

Gmail and Yahoo Mail 2FA thwarted by Iranian phishers

 

A phishing gang in Iran has managed to bypass the two Factor Authentication (2FA) that Gmail and Yahoo Mail users use to secure their accounts.

2FA helps users to protect their accounts by adding an extra layer of security. Using your username and password and then something extra like a single use password which is delivered via an SMS message.

In this case the gang were able to get the user to go to a fake website that looked exactly like the users Gmail or Yahoo Mail login page. Once the user had entered in their details to the fake site the gang then took those details and entered them in to the real site and then the fake site asked for the code which had just been sent to their mobile phone. Once they entered this in to the site the gang were able to take the code and enter it in to the real site and gain access to the users email accounts.

The attackers, working on behalf of the Iranian government, sent out emails targeting US Government officials, activists and journalists, specifically those involved in the US sanctions against Iran. First they found as much information about each victim and then crafted specially targeted emails at each of them. The emails had a secret hidden picture in them which notified the gang in real-time when the user was viewing the email so they could carry out the attack while the user was trying to login.

The attack was notable for other reasons also it used email addresses such as notifications.mailservices@gmail.com and noreply.customermails@gmail.com to make it look like they were official emails from Google.

We would urge all users of any service to ensure that they check very carefully the links in emails and if possible not to use links in emails at all. Keep yourself up-to-date with security issues by opening an account and signing up for our Security Alerts, Newsletters and Promotional emails.

Keep Safe

CritchCorp Computers Ltd

SOCIAL MEDIA

CritchCorp Smart™

Enter your email address and keep up-to-date with the latest security news, product releases and promotional offers

Thank You, we'll be in touch soon.
CritchCorp Computers Ltd is an approved partner with Faster Britain.

© CritchCorp Computers Ltd, 2006 - 2024

"CritchCorp Retail" and "CritchCorp Retail and Wholesale" are trading names of CritchCorp Computers Ltd.
CritchCorp Smart™ is a trademark of CritchCorp Computers Ltd.
All rights reserved.
CritchCorp Computers Ltd is a company registered in England and Wales. Company number 05928822. Registered Office: 132 - 134 Great Ancoats Street, Manchester, M4 6DE. (Legal correspondence only)