They lost their Gmail accounts, and 2FA didn't help. You'd better not do this
Two-factor authentication (2FA) is designed to give users peace of mind that even if someone gets their password, they won't be able to access their account. Unfortunately, some hackers targeting Gmail and YouTube users have found a way to get around this.
Is Google's two-step verification flawed?
Recently, the number of users complaining that Google's 2FA failed them has increased. They claim that hackers gained access to their accounts even though they had 2FA enabled, and then changed their passwords and account recovery details.
My Google account has been hacked. The hackers changed the password and phone number, and also edited the two-factor authentication settings. So I have no way to log into this account.
– one of the victims complains
Hi! Someone stole my Gmail account. They changed two-factor authentication to their own email and recovery phone. The account recovery process isn't working and it's throwing me for a loop. I have been the legal owner of this account for over 10 years and have the necessary identifying information.
– writes Daniel Salinas
Forbes links these incidents to a scam that tempts unsuspecting users with the promise of free XRP – a cryptocurrency created by Ripple. The most common trick used by these cyber criminals is an offer to double the amount of XRP sent to them.
The scams use what appears to be the ID of the Ripple management account, and, to sound more convincing, a deepfake video of the company's CEO, Brad Garlinghouse, was also created. Ripple has made it clear that it would never ask people to send it XRP and warns against falling into such traps.
How do the fraudsters operate?
However, the question remains – how do the fraudsters bypass 2FA? They send phishing emails that direct victims to malware that steals session cookies. These small pieces of data make it easier to log into various accounts. With stolen session cookies, the thieves impersonate legitimate users and mislead websites.
Google has admitted that session cookie theft has long been a problem, but adds:
We employ and continually update techniques to detect and block suspicious accesses that may indicate potentially stolen cookies, while introducing innovations such as device-specific session credentials.
Google also says that users who have lost access to their accounts have seven days to recover them. The company also advises setting up additional security measures.
Our automated account recovery process allows users to restore their original data for up to 7 days after a security incident is detected. For additional protection, we continue to encourage users to use security tools such as access keys and Google Security Review.
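The following is an added example, not code from Google or from the original article. It models why a replayed session cookie is accepted even though 2FA was passed at login, and how binding the session to a device key rejects the same replay. The class and function names are hypothetical, and an HMAC over a server nonce stands in, as an assumption, for the device-specific session credentials mentioned above.

```python
import hashlib
import hmac
import secrets


class SessionServer:
    """Toy server: plain bearer cookies vs. device-bound sessions."""
    def __init__(self, bind_to_device):
        self.bind_to_device = bind_to_device
        self.sessions = {}    # cookie -> (user, device_key or None)
        self.challenges = {}  # cookie -> pending one-time nonce

    def login(self, user, password_ok, second_factor_ok, device_key=None):
        # Both factors are checked once, here; later requests carry only the cookie.
        if not (password_ok and second_factor_ok) or (self.bind_to_device and not device_key):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = (user, device_key if self.bind_to_device else None)
        return cookie

    def challenge(self, cookie):
        # Fresh nonce per request, so a captured proof cannot be reused.
        self.challenges[cookie] = secrets.token_bytes(16)
        return self.challenges[cookie]

    def request(self, cookie, proof=None):
        user, device_key = self.sessions.get(cookie, (None, None))
        if user is None or device_key is None:
            return user  # unknown cookie -> None; bearer cookie -> accepted as user
        nonce = self.challenges.pop(cookie, None)
        if nonce is None or proof is None:
            return None
        expected = hmac.new(device_key, nonce, hashlib.sha256).digest()
        return user if hmac.compare_digest(expected, proof) else None


def device_proof(device_key, nonce):
    # Runs on the enrolled device; the key is assumed to live outside the cookie store.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def replay_outcomes():
    """Constructed scenario: what a cookie-only replay gets under each model."""
    key, out = secrets.token_bytes(32), {}
    for bound in (False, True):
        srv = SessionServer(bind_to_device=bound)
        cookie = srv.login("user@example.com", True, True, device_key=key)
        srv.challenge(cookie)
        out[bound] = srv.request(cookie)  # replayed cookie, no device key
    return out
```

In the bearer model the server has no signal that the cookie moved to another machine, which is why detection of suspicious access and device binding are the server-side answers the quoted statement points to.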