Phishing Attacks Target Google, Yahoo, and ProtonMail Accounts

  • A new wave of phishing attacks has been discovered that can bypass two-factor authentication.
  • A report by Amnesty International revealed that the attacks targeted towards accounts in North Africa and the Middle East.
  • Google, Yahoo, and ProtonMail are three of the major companies whose users are being targeted.

According to a report by Amnesty International, a number of hackers have been able to come up with a new phishing attack that can bypass two-factor authentication. A number of companies are being targeted including Google, Yahoo, and ProtonMail with users having their accounts infiltrated. The attacks are successful against common 2FA methods like SMS protect and email-based two-factor authentication methods.

Gmail Phishing
Image Courtesy of Amnesty International

Amnesty International has been monitoring the phishing attacks since 2017, and most of the identified victims are from the Middle East and North Africa. According to the report, the attacks are most likely based in UAE, Egypt, Palestine, and Yemen. Human rights defenders, political actors, journalists, and other potential victims are the interest to the attackers.

A Yahoo spokesperson responded to the attacks saying “The threat landscape is continually evolving, and we are committed to evolve with it to help keep our users secure. In 2015, we launched Yahoo Account Key, which does not utilize SMS, and encourage users to adopt this form of authentication.”

Google’s phone-based authentication method that requires users to enter two different numbers that show up on their mobile devices along with U2F key authentication were not affected. Users who use traditional two-factor authentication methods like SMS or email should move towards app-based authentication or physical authentication keys for added security.

According to Amnesty International, the phishing attacks are completely automated, and the people behind the attacks trick users into resetting their passwords while having access to the two-factor authentication codes. Some of the attackers also created fake websites with slight changes to the URLs which is one of the oldest methods of phishing for passwords.

What do you think about the phishing attacks targeting internet users in North Africa and the Middle East? Let us know in the comments below. Don’t forget to join the discussion where our online community also likes to hang out, on Facebook and Twitter.

REVIEW OVERVIEW

Latest

How to Watch Floyd Mayweather Vs. Logan Paul: Live Stream, Fight Date

Boxing legend Floyd Mayweather makes his return to the ring on June 06 to take on famous YouTuber Logan Paul in a...

Google Finds a Way Out of the Deadlock for YouTube TV on Roku

Google is offering a workaround for Roku users who suddenly got locked out of the YouTube TV app.The tech giant is incorporating...

Cryptocurrency Scammers Have Hijacked Twitter Account of Argentinian Politician

Bitcoin scammers have taken over the Twitter account of a prominent political person in Argentina.The actors are leading their prospective victims to...