
Here's How Iranian Hackers Can Hack Your Gmail Accounts




Hackers are getting smarter in fooling us all, and now they are using sophisticated hacking schemes to get into your Gmail.

Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security code (generally sent via SMS) along with the password in order to log in to a Gmail account.

Researchers at Citizen Lab released a report on Thursday which shows how the hackers are using text messages and phone-based phishing attacks to circumvent Gmail's security and take over the Gmail accounts of their targets, specifically political dissidents.

The report described in detail three types of phishing attacks aimed at Iranian activists. Researchers also found one such attack targeting Jillian York, the Director for International Freedom of Expression at the Electronic Frontier Foundation.

Here's How the Attack Works

Via Text Messages:

In some cases, the hackers send text messages to their targets. The message appears to come from Google and warns users of an unauthorized attempt to access their Gmail accounts.

The text message is then followed by a carefully crafted email notification, also disguised to be from Google, that redirects victims to a "Password Reset Page" designed to collect the victim's password.

The hackers then, in real time, use the password to log in to the victim's account and trigger the sending of a security code to the target.

Gmail uses this security code for two-factor authentication, which adds an extra layer of security on top of a Gmail user's password.

After this, the hackers wait for the targeted victim to enter the code, collect it through the bogus website, and then use it to take control of the victim's Gmail account.

Via Phone Call:

In other cases, the hackers contact a target over the phone regarding fake business proposals that usually promise thousands of dollars.

The fake proposal is then sent to the victim's Gmail account, containing a fake Google Drive link that prompts the victim to log in with their Google credentials as well as the two-factor identification code, just as in the case of the text messages.

The users fell for the phishing attacks, as some hackers pretended to be Reuters journalists who wanted to arrange an interview.

Attempts to fool two-factor authentication security are nothing new. We have seen hackers releasing millions of Gmail usernames and passwords on underground online forums.
