HOW HACKERS BYPASSED 2-STEP AUTHENTICATION

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.




The attack looks simple. Whenever a user receives a new connection request on LinkedIn, they are notified by email, and clicking "interested" is supposed to take them to their LinkedIn account.

Instead of redirecting to LinkedIn, the link redirects to the phishing domain llnked[.]com, which asks the user to fill in their login credentials.
The exploit is based on a credential phishing attack that uses a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, the 2FA token gets intercepted and it's trivial to hack into the LinkedIn account.
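A defender-side check for the lookalike-domain trick described above, as an added example that is not part of the original post: it flags link hosts whose domain is a near miss of a protected domain, and goes slightly further by also flagging hosts that embed the protected name under another domain. The protected list, the distance threshold, the naive domain reduction, and the sample URLs are assumptions constructed for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumption: domains the organisation treats as legitimate (constructed list).
PROTECTED = {"linkedin.com"}
MAX_DISTANCE = 3  # assumed threshold; tune against your own mail flow


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive last-two-labels reduction (assumption: no multi-part TLDs)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str) -> tuple[str, str | None]:
    """Return (verdict, protected domain it resembles or matches)."""
    # Re-fang defanged indicators such as llnked[.]com before parsing.
    host = (urlsplit(url.replace("[.]", ".")).hostname or "").lower()
    domain = registrable(host)
    if domain in PROTECTED:
        return ("legitimate", domain)
    for good in sorted(PROTECTED):
        # Near-miss spelling, or the real name embedded under another domain.
        if good in host or edit_distance(domain, good) <= MAX_DISTANCE:
            return ("lookalike", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a notification email.
    for link in ("https://www.linkedin.com/in/someone",
                 "https://llnked[.]com/login",
                 "https://linkedin.com.login.example/auth",
                 "https://example.org/"):
        print(link, classify(link))
```

A mail gateway or proxy rule built on this idea would run it over every link in inbound messages and quarantine or rewrite the ones classified as lookalikes.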

Here, Kevin demonstrates how this works. Watch this video for a better understanding.

Reviewed by Haxbaba Tech on 09:02
