You are here: Blog Tags Workforce

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Phishing Attacks Are Besting Two-Factor Authentication--Now What?

Voyage Technology Blog Security
0 Comments
Phishing Attacks Are Besting Two-Factor Authentication--Now What?

What has proven to be one of the more effective ways of preventing phishing attacks may be under fire from more advanced threats designed specifically to penetrate the defenses of two-factor authentication. This means that users need to be more cognizant of avoiding these attacks, but how can you help them make educated decisions about this? Let’s start by discussing the phishing attacks that can beat 2FA.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are several methods used by hackers to bypass the security benefits of 2FA. Some phishing attempts have managed to find success in convincing users to have over both their credentials and the 2FA code that is generated by a login attempt. As reported by Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing fake page to reset their Google password. Sometimes fake emails can be quite convincing, making the trickery much more difficult to identify.

As Amnesty International looked into the attacks, they found that the attacks were using an automated solution to launch Chrome and submit information the user entered into their end. This meant that the 30-second time limit imposed by 2FA was of no concern.

In November 2018, an application on a third-party app store posed as an Android battery utility tool was found to be stealing funds from a user’s PayPal account. The application would change the device’s Accessibility settings to enable an accessibility overlay feature. Once it was in place, the user’s clicks would be mimicked, giving hackers the ability to send funds to their own PayPal account.

Yet another method of attack was shared publicly by Piotr Duszynski, a Polish security researcher. This method, named Modlishka, created a reverse proxy that intercepted and recorded credentials as the user attempted to plug them into an impersonated website. Modlishka would then send the credentials to the real website to hide the fact that the user’s credentials were in fact stolen. Even worse yet, if the person using Modlishka is nearby, they can steal the 2FA credentials and use them very quickly.

Protect Yourself Against 2FA Phishing Schemes

The first step toward preventing 2FA phishing attacks is to make sure you actually have 2FA implemented in the first place. While it might not seem like much of a help (after all, these attacks are designed to work around them), it is much preferable to not having 2FA at all. The most secure method of 2FA at the moment uses hardware tokens with U2F protocol. Most important of all, however, is that your team needs to be trained on the giveaway signs of phishing attacks. With these attempts that target 2FA solutions, it might not be immediately apparent, which is why it’s all the more important to remain vigilant.

At its heart, 2FA phishing is just like regular phishing, plus an additional step to bypass or replicate the secondary authentication method. Here are a few tips to ensure best practices are followed regarding phishing attempts:

  • First, check to make sure that the website you’re using is actually the one it claims to be. For example, if you’re logging in to your Google account, the login URL wouldn’t be something like logintogoogle.com. You wouldn’t believe how often spoofers will fool users in this way.
  • To help you better understand other signs of phishing attacks, check out this phishing identification skills quiz by Alphabet, Inc. We encourage your staff also look into it.

To learn more about phishing attacks, be sure to subscribe to our blog.

Tweet
Tags:
Security Phishing Two-factor Authentication
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 22 March 2026

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Data Business Computing Business Productivity Software Innovation Cloud Hackers Efficiency Hardware Network Security User Tips Internet IT Services Malware IT Support Privacy Workplace Tips Phishing Google Email Computer Workplace Strategy Collaboration Hosted Solutions Small Business Users Backup Managed Service Ransomware Mobile Device Productivity Microsoft Quick Tips Passwords Saving Money Communication AI Cybersecurity Data Backup Smartphone Disaster Recovery Data Recovery Android Upgrade VoIP Business Management Smartphones Mobile Devices communications Windows Social Media Browser Microsoft Office Managed IT Services Network Current Events Tech Term Remote Internet of Things Information Holiday Automation Artificial Intelligence Facebook Miscellaneous Cloud Computing Covid-19 Training Compliance Gadgets Remote Work Server Managed Service Provider Outsourced IT IT Support Encryption Spam Employee/Employer Relationship Office Windows 10 Government Data Management Business Continuity Blockchain Wi-Fi Business Technology Windows 10 Bandwidth Virtualization Apps Vendor Two-factor Authentication Mobile Office Managed Services Data Security Employer-Employee Relationship BYOD Mobile Device Management Tip of the week Chrome Gmail Budget Voice over Internet Protocol WiFi Apple Networking App HIPAA Computing Hacker Physical Security Applications Information Technology Avoiding Downtime Access Control Marketing Office 365 Conferencing Managed IT Services How To BDR Operating System Computers Router Risk Management Virtual Private Network Website Health 2FA Help Desk Analytics Office Tips Augmented Reality Retail Storage Healthcare Password Bring Your Own Device Big Data Going Green Patch Management Save Money Microsoft 365 Remote Monitoring End of Support Vulnerability Customer Service Vendor Management Solutions Cybercrime Display Printer Paperless Office Windows 11 Infrastructure Monitoring Excel Firewall Document Management Remote Workers Managed IT Service Telephone The Internet of Things Scam Data loss Social Cooperation Free Resource Project Management Windows 7 Multi-Factor Authentication Robot Mobility Telephone System Customer Relationship Management Cost Management Settings Wireless Printing Content Filtering Hacking IT Management YouTube Meetings Presentation VPN Employees Integration Cryptocurrency Modem Wireless Technology User Tip Processor Computer Repair Mobile Security Virtual Desktop Holidays Data storage LiFi Data Storage Word Smart Technology Supply Chain Outlook Video Conferencing Machine Learning Managed Services Provider Money Saving Time Virtual Machines Professional Services Humor Safety Maintenance Sports Downloads Antivirus Mouse iPhone Licensing Entertainment Administration Vulnerabilities Data Privacy Images 101 Travel Social Networking Legislation Shortcuts Organization Techology Fileless Malware Digital Security Cameras Google Maps Smart Devices Cortana Ransmoware Alt Codes Content Remote Working Wearable Technology Memory Vendors Downtime Unified Threat Management Motherboard Data Breach Comparison Google Play Be Proactive Competition Health IT Unified Threat Management Directions Videos Hosted Solution Assessment Electronic Health Records Permissions Workforce Typing Wasting Time Threats Trend Micro Network Congestion Specifications Security Cameras Workplace Strategies Google Drive User Error Microchip User Internet Exlporer Software as a Service Knowledge Fraud Meta Username Managing Costs Amazon Point of Sale eCommerce 5G Black Friday SSID IP Address Google Docs Unified Communications Database Surveillance Experience Virtual Assistant Outsource IT Media Bitcoin Network Management Running Cable Tech Support IT Technicians Virtual Machine Environment Cookies Monitors Cyber Monday Medical IT Google Wallet Proxy Server Reviews Recovery Tactics Development Hotspot Transportation Small Businesses Hard Drives Windows 8 Laptop Websites Mirgation Hypervisor Displays Drones Shopping Nanotechnology Optimization PowerPoint Domains SharePoint Addiction Electronic Medical Records Language Employer/Employee Relationships Outsourcing Halloween Chatbots Navigation Refrigeration Management PCI DSS Public Speaking Lenovo Gig Economy Screen Reader Writing Distributed Denial of Service Workplace Lithium-ion battery Service Level Agreement Internet Service Provider Virtual Reality Computing Infrastructure Teamwork Hiring/Firing Entrepreneur Scary Stories Private Cloud Identity Evernote Paperless Hacks Server Management Regulations Compliance Superfish Bookmark Identity Theft Smart Tech Memes Fun Co-managed IT Deep Learning Download Net Neutrality Twitter Alerts SQL Server Technology Care Error History Business Communications Undo Financial Data Browsers Smartwatch Education Connectivity IT Social Engineering Break Fix Scams Upload Procurement Remote Computing Azure Hybrid Work Cyber security Multi-Factor Security Tech Human Resources Mobile Computing Social Network Telework CES Tablet IoT Communitications Search Dark Web Cables Application Best Practice Trends Supply Chain Management Alert Buisness File Sharing Regulations Dark Data Google Calendar Term Google Apps Managed IT Customer Resource management FinTech IBM Legal Data Analysis IT solutions Star Wars IT Assessment How To Microsoft Excel IT Maintenance Business Growth Gamification Flexibility Notifications Staff Value Business Intelligence

Blog Archive

2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015