Gmail and Yahoo Mail 2FA thwarted by Iranian phishers

SMS 2FA used by Google and Yahoo bypassed

 

A phishing gang in Iran has managed to bypass the two-factor authentication (2FA) that Gmail and Yahoo Mail users use to secure their accounts.

2FA helps users protect their accounts by adding an extra layer of security: you sign in with your username and password and then something extra, such as a single-use password delivered via an SMS message.

In this case the gang got the user to visit a fake website that looked exactly like the user's Gmail or Yahoo Mail login page. Once the user had entered their details into the fake site, the gang entered them into the real site, and the fake site then asked for the code that had just been sent to the user's mobile phone. Once the user entered this code into the fake site, the gang took it, entered it into the real site and gained access to the user's email account.

The attackers, working on behalf of the Iranian government, sent out emails targeting US Government officials, activists and journalists, specifically those involved in the US sanctions against Iran. First they gathered as much information as they could about each victim and then crafted emails targeted specifically at each of them. The emails contained a hidden picture that notified the gang in real time when the user was viewing the email, so they could carry out the attack while the user was trying to log in.

The attack was notable for other reasons too: it used email addresses such as notifications.mailservices@gmail.com and noreply.customermails@gmail.com to make the messages look like official emails from Google.
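The two email traits described above (a hidden remote picture that reports when the message is opened, and a service-sounding sender name on an ordinary webmail address) can both be checked automatically when triaging a reported message. The following Python sketch is an added example, not part of the original article; the sample message, the `tracker.example` and `cdn.example` URLs, the word list and the function name `triage_email` are all constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message (not a real email from the campaign).
SAMPLE = """\
From: Google Security <notifications.mailservices@gmail.com>
To: user@example.org
Subject: Security alert
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Unusual sign-in detected.</p>
<img src="https://tracker.example/open?id=123" width="1" height="1">
<img src="https://cdn.example/logo.png" width="120" height="40">
<img src="https://tracker.example/p.gif" style="display:none">
</body></html>
"""

# Assumed heuristics: local-part words that imitate automated service mail.
SERVICE_WORDS = ("noreply", "no-reply", "notification", "mailservice", "customermail")
WEBMAIL = {"gmail.com", "yahoo.com"}  # consumer domains anyone can register on

class ImgFinder(HTMLParser):
    """Collects remote <img> URLs that are 1x1 (or 0x0) or hidden by CSS."""
    def __init__(self):
        super().__init__()
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if tag != "img" or not src.lower().startswith(("http://", "https://")):
            return
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        if tiny or "display:none" in style or "visibility:hidden" in style:
            self.hidden.append(src)

def triage_email(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    local, _, domain = addr.lower().partition("@")
    # Official-looking name, but sent from a free webmail account.
    suspicious = domain in WEBMAIL and any(w in local for w in SERVICE_WORDS)
    finder = ImgFinder()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        finder.feed(body.get_content())
    return {"sender": addr, "suspicious_sender": suspicious,
            "hidden_images": finder.hidden}
```

A hit on either check is a reason to look more closely rather than proof of phishing, since legitimate newsletters also embed open-tracking images. Setting the mail client not to load remote images automatically stops such a picture from reporting that the message was opened.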

We would urge all users of any service to check the links in emails very carefully and, if possible, not to use links in emails at all. Keep yourself up to date with security issues by opening an account and signing up for our Security Alerts, Newsletters and Promotional emails.

Keep Safe

CritchCorp Computers Ltd