Phishing Attacks Target Google, Yahoo, and ProtonMail Accounts

  • A new wave of phishing attacks has been discovered that can bypass two-factor authentication.
  • A report by Amnesty International revealed that the attacks targeted towards accounts in North Africa and the Middle East.
  • Google, Yahoo, and ProtonMail are three of the major companies whose users are being targeted.

According to a report by Amnesty International, a number of hackers have been able to come up with a new phishing attack that can bypass two-factor authentication. A number of companies are being targeted including Google, Yahoo, and ProtonMail with users having their accounts infiltrated. The attacks are successful against common 2FA methods like SMS protect and email-based two-factor authentication methods.

Gmail Phishing
Image Courtesy of Amnesty International

Amnesty International has been monitoring the phishing attacks since 2017, and most of the identified victims are from the Middle East and North Africa. According to the report, the attacks are most likely based in UAE, Egypt, Palestine, and Yemen. Human rights defenders, political actors, journalists, and other potential victims are the interest to the attackers.

A Yahoo spokesperson responded to the attacks saying "The threat landscape is continually evolving, and we are committed to evolve with it to help keep our users secure. In 2015, we launched Yahoo Account Key, which does not utilize SMS, and encourage users to adopt this form of authentication."

Google’s phone-based authentication method that requires users to enter two different numbers that show up on their mobile devices along with U2F key authentication were not affected. Users who use traditional two-factor authentication methods like SMS or email should move towards app-based authentication or physical authentication keys for added security.

According to Amnesty International, the phishing attacks are completely automated, and the people behind the attacks trick users into resetting their passwords while having access to the two-factor authentication codes. Some of the attackers also created fake websites with slight changes to the URLs which is one of the oldest methods of phishing for passwords.

What do you think about the phishing attacks targeting internet users in North Africa and the Middle East? Let us know in the comments below. Don’t forget to join the discussion where our online community also likes to hang out, on Facebook and Twitter.



Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari