You are here: Blog Tags Data

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

Voyage Technology Blog Security
0 Comments
Phishing Attacks Are Besting Two-Factor Authentication--Now What?

What has proven to be one of the more effective ways of preventing phishing attacks may be under fire from more advanced threats designed specifically to penetrate the defenses of two-factor authentication. This means that users need to be more cognizant of avoiding these attacks, but how can you help them make educated decisions about this? Let’s start by discussing the phishing attacks that can beat 2FA.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are several methods used by hackers to bypass the security benefits of 2FA. Some phishing attempts have managed to find success in convincing users to have over both their credentials and the 2FA code that is generated by a login attempt. As reported by Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing fake page to reset their Google password. Sometimes fake emails can be quite convincing, making the trickery much more difficult to identify.

As Amnesty International looked into the attacks, they found that the attacks were using an automated solution to launch Chrome and submit information the user entered into their end. This meant that the 30-second time limit imposed by 2FA was of no concern.

In November 2018, an application on a third-party app store posed as an Android battery utility tool was found to be stealing funds from a user’s PayPal account. The application would change the device’s Accessibility settings to enable an accessibility overlay feature. Once it was in place, the user’s clicks would be mimicked, giving hackers the ability to send funds to their own PayPal account.

Yet another method of attack was shared publicly by Piotr Duszynski, a Polish security researcher. This method, named Modlishka, created a reverse proxy that intercepted and recorded credentials as the user attempted to plug them into an impersonated website. Modlishka would then send the credentials to the real website to hide the fact that the user’s credentials were in fact stolen. Even worse yet, if the person using Modlishka is nearby, they can steal the 2FA credentials and use them very quickly.

Protect Yourself Against 2FA Phishing Schemes

The first step toward preventing 2FA phishing attacks is to make sure you actually have 2FA implemented in the first place. While it might not seem like much of a help (after all, these attacks are designed to work around them), it is much preferable to not having 2FA at all. The most secure method of 2FA at the moment uses hardware tokens with U2F protocol. Most important of all, however, is that your team needs to be trained on the giveaway signs of phishing attacks. With these attempts that target 2FA solutions, it might not be immediately apparent, which is why it’s all the more important to remain vigilant.

At its heart, 2FA phishing is just like regular phishing, plus an additional step to bypass or replicate the secondary authentication method. Here are a few tips to ensure best practices are followed regarding phishing attempts:

  • First, check to make sure that the website you’re using is actually the one it claims to be. For example, if you’re logging in to your Google account, the login URL wouldn’t be something like logintogoogle.com. You wouldn’t believe how often spoofers will fool users in this way.
  • To help you better understand other signs of phishing attacks, check out this phishing identification skills quiz by Alphabet, Inc. We encourage your staff also look into it.

To learn more about phishing attacks, be sure to subscribe to our blog.

Tweet
Tags:
Security Phishing Two-factor Authentication
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 03 June 2026

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Data Business Computing Business Productivity Software Innovation Cloud Hackers Efficiency Hardware Network Security User Tips IT Services Internet Malware Workplace Tips Phishing IT Support Privacy Email Google Computer Workplace Strategy Small Business Hosted Solutions Ransomware Backup Managed Service Collaboration Users AI Mobile Device Productivity Microsoft Saving Money Quick Tips Passwords Communication Cybersecurity Data Backup Smartphone Disaster Recovery Data Recovery Android Upgrade VoIP Business Management Smartphones communications Mobile Devices Windows Browser Social Media Microsoft Office Managed IT Services Network Current Events Tech Term Remote Internet of Things Miscellaneous Training Information Facebook Holiday Automation Artificial Intelligence Cloud Computing Gadgets Compliance Covid-19 Outsourced IT IT Support Server Managed Service Provider Remote Work Encryption Spam Employee/Employer Relationship Windows 10 Office Government Business Continuity Data Management Virtualization Wi-Fi Blockchain Business Technology Vendor Bandwidth Windows 10 Data Security Managed Services Apps Two-factor Authentication Tip of the week Mobile Office App WiFi Voice over Internet Protocol BYOD Employer-Employee Relationship Chrome Budget Mobile Device Management Gmail Apple Networking BDR Conferencing Computing Physical Security Information Technology Hacker Access Control Office 365 Avoiding Downtime Marketing HIPAA Applications Password Managed IT Services How To Big Data Operating System Healthcare Virtual Private Network Risk Management Computers Health Analytics Office Tips Website Augmented Reality Router Retail Storage Bring Your Own Device 2FA Help Desk The Internet of Things Excel Going Green Patch Management Save Money Remote Monitoring Social End of Support Remote Workers Managed IT Service Vulnerability Vendor Management Cybercrime Telephone Display Customer Service Cooperation Free Resource Printer Project Management Windows 7 Paperless Office Infrastructure Microsoft 365 Solutions Document Management Firewall Scam Data loss Windows 11 Monitoring Video Conferencing Managed Services Provider Robot Saving Time Virtual Machines Professional Services Settings Wireless Printing Content Filtering Downloads IT Management iPhone VPN YouTube Meetings Customer Relationship Management Licensing Cryptocurrency Entertainment Vulnerabilities Computer Repair Data Privacy Hacking Images 101 Virtual Desktop Presentation LiFi Data storage Multi-Factor Authentication Mobility Telephone System Wireless Technology Cost Management Outlook Machine Learning Money Humor Employees Word Integration Maintenance Modem Antivirus Sports User Tip Processor Mobile Security Mouse Holidays Administration Safety Data Storage Smart Technology Supply Chain IT solutions How To Addiction Language Employer/Employee Relationships Outsourcing Legal Navigation Business Growth Notifications Management PCI DSS Chatbots Gig Economy Screen Reader Distributed Denial of Service Workplace Travel Google Maps Cortana Service Level Agreement Internet Service Provider Computing Infrastructure Teamwork Hiring/Firing Techology Identity Evernote Paperless Alt Codes Application Regulations Compliance Bookmark Smart Tech Memes Co-managed IT Downtime Unified Threat Management Hosted Solution IBM Download Net Neutrality Alerts SQL Server Technology Care Unified Threat Management History Business Communications Typing Financial Data Network Congestion Browsers Smartwatch Connectivity IT Break Fix Scams Knowledge Upload Procurement Azure Hybrid Work Google Drive User Error Cyber security Multi-Factor Security Tech Human Resources Social Network Telework 5G CES IoT Communitications Dark Web Cables Point of Sale Competition Unified Communications Experience Trends Supply Chain Management Google Docs Regulations Google Calendar Term Google Apps Bitcoin Network Management Running Cable Tech Support Customer Resource management FinTech Monitors Data Analysis Star Wars IT Assessment Microsoft Excel IT Maintenance Google Wallet User Gamification Flexibility Staff Value Business Intelligence Social Networking Legislation Shortcuts Windows 8 Laptop Websites Organization Fileless Malware Digital Security Cameras Smart Devices Ransmoware Drones IP Address Electronic Medical Records Content Remote Working Wearable Technology Memory Vendors SharePoint Motherboard Data Breach Comparison Google Play Be Proactive Halloween Health IT Writing Directions Videos Assessment Electronic Health Records Permissions Workforce Lenovo Virtual Reality Recovery Wasting Time Threats Trend Micro Specifications Security Cameras Workplace Strategies Hacks Server Management Scary Stories Private Cloud Hard Drives Domains Fun Microchip Internet Exlporer Software as a Service Fraud Meta Superfish Identity Theft Deep Learning Twitter Username Managing Costs Amazon eCommerce Black Friday SSID Error Refrigeration Public Speaking Social Engineering Database Surveillance Virtual Assistant Outsource IT Education Media Lithium-ion battery Remote Computing IT Technicians Virtual Machine Environment Entrepreneur Cookies Cyber Monday Medical IT Mobile Computing Proxy Server Reviews Search Tactics Development Hotspot Transportation Small Businesses Tablet Best Practice Alert Mirgation Hypervisor Displays Nanotechnology Optimization PowerPoint Managed IT Buisness File Sharing Undo Dark Data Shopping

Blog Archive

2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015