Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:

Hacker beats two-factor authentication with phishing attack

Post a Fraud Alert:

A security researcher has developed a social engineering attack to bypass two-factor authentication, TechCrunch reported.

Hacker Kevin Mitnick produced a video on YouTube showing how the exploit works by sending victims to a fake login page.

The site requests your username, password, and authentication code, which it passes to the legitimate site to log you in, while capturing the session cookie in the process.

Once this is done, the hacker can log in whenever they want, according to the report.

While the attack was demonstrated on LinkedIn, Mitnick’s company KnowBe4 warned that the attack could be weaponised for any site.

Now read: Reddit adds two-factor authentication for all users

Article source: