Gmail and Yahoo Mail 2FA thwarted by Iranian phishers

SMS 2FA used by Google and Yahoo bypassed

 

A phishing gang in Iran has managed to bypass the two-factor authentication (2FA) that Gmail and Yahoo Mail users rely on to secure their accounts.

2FA helps users protect their accounts by adding an extra layer of security: you log in with your username and password and then something extra, such as a single-use password delivered via an SMS message.

In this case the gang were able to get the user to go to a fake website that looked exactly like the user's Gmail or Yahoo Mail login page. Once the user had entered their details into the fake site, the gang took those details and entered them into the real site, which sent a code to the user's mobile phone. The fake site then asked for that code. Once the user entered it, the gang were able to take the code, enter it into the real site and gain access to the user's email account.

The attackers, working on behalf of the Iranian government, sent out emails targeting US Government officials, activists and journalists, specifically those involved in the US sanctions against Iran. First they gathered as much information as they could about each victim and then crafted emails targeted specifically at each of them. The emails contained a hidden picture which notified the gang in real time when the user was viewing the email, so they could carry out the attack while the user was trying to log in.

The attack was notable for other reasons too: it used email addresses such as notifications.mailservices@gmail.com and noreply.customermails@gmail.com to make the messages look like official emails from Google.
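A mail-triage check for the two signals described above, a service-style sender on a consumer mailbox and a hidden remote image. This is an added example, not part of the original article; the domain list, the keyword pattern and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumptions for this example: consumer mail domains and service-like words.
FREE_MAIL = {"gmail.com", "yahoo.com"}
SERVICE_WORDS = re.compile(r"noreply|no-reply|notification|mailservice|customermail", re.I)

class ImgScanner(HTMLParser):
    """Collect remote <img> tags sized or styled so the reader never sees them."""
    def __init__(self):
        super().__init__()
        self.hidden_remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            return  # embedded images cannot report an open to a server
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        if tiny or "display:none" in style or "visibility:hidden" in style:
            self.hidden_remote.append(src)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().partition("@")
    # A real provider notification does not come from an ordinary user mailbox.
    if domain in FREE_MAIL and SERVICE_WORDS.search(local):
        findings.append("service-style sender on consumer mailbox: " + addr)
    scanner = ImgScanner()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            scanner.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    findings += ["hidden remote image: " + s for s in scanner.hidden_remote]
    return findings

# Constructed sample; tracker.example is a placeholder host.
SAMPLE = """From: Google <notifications.mailservices@gmail.com>
Subject: Security alert
Content-Type: text/html; charset=utf-8

<p>Review your sign-in.</p><img src="https://tracker.example/p.gif" width="1" height="1">
"""
```

Blocking remote image loading in the mail client stops the open notification entirely, whichever way the image is hidden.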

We would urge all users of any service to ensure that they check very carefully the links in emails and if possible not to use links in emails at all. Keep yourself up-to-date with security issues by opening an account and signing up for our Security Alerts, Newsletters and Promotional emails.

Keep Safe

CritchCorp Computers Ltd

Comment (7)

  • Veda Kearney| 12 February, 2019

    It is great that you bring these issues to our attention.

    Thank you.

    Veda

  • Kira Burdekin| 7 February, 2019

    Nice weblog here! Also your site loads up fast! What web host are you using? Can I get your associate hyperlink for your host?

    • CritchCorp| 7 February, 2019

      Thanks for noticing. We have been working hard to make improvements to our site and I agree it does load quickly, much quicker than it was.
      We are in fact a hosting company so please feel free to sign up at: https://store.cc-computers.com/
      We can help to optimise your site so that it works quickly too. Quality hosting is only one part of getting a site to work quickly, there is more that needs to be done. Once signed up and your site is transferred across, submit a support ticket and we will help with optimising and a couple of other things that will improve your site response.
      If you need help transferring we can help you to transfer WordPress sites and other CMS applications, just submit a support ticket from your account.

  • Gerald Aguirre| 7 February, 2019

    Great article about state sponsored attacks, these seem to be getting more and more frequent.

    • CritchCorp| 7 February, 2019

      Hi Gerald, Yes, there is a lot of it going on and it just doesn’t get reported in the media very much. There are cases of state sponsored attacks of one sort or another going as far back as about 2006 as far as I can remember. You can see some of our other posts on various state sponsored virus attacks etc.

  • Carley Veitch| 5 February, 2019

    Does this mean that it is unsafe to use Gmail or Yahoo mail?

    • CritchCorp| 5 February, 2019

      In our opinion it was never safe to use any of the FREE email services, we have written other articles about it.
      The thing to remember is to be alert when it comes to emails asking you to do something. The phishing emails get better every day so don’t overreact and be very aware of the links in emails. Don’t use them if you can help it.