• Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

    6 monthes ago - By Ars Technica

    Enlarge
    A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.
    Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that...
    Read more ...