Report explains why Gmail users are losing their accounts despite having 2FA enabled

Report explains why Gmail users are losing their accounts despite having 2FA enabled
Two-factor authentication or 2FA is designed to give you peace of mind that even if someone else gets ahold of your password, they won't be able to access your account. Some hackers targeting Gmail and YouTube users have figured out a way around that.

There has been an increase in the number of users complaining about 2FA getting compromised in recent times. They say hackers got into their accounts, even though they had 2FA activated, and have changed their password as well as recovery details.

Forbes has linked these incidents to a scam that lures unsuspecting users with the promise of free XRP - a cryptocurrency developed by Ripple. The most common trick used by these cybercriminals is to make an offer to double the amount of XRP that's sent to them. 

The requests come from what appears to be a legitimate Ripple management account and to sound more convincing, they have also made deepfake videos of CEO Brad Garlinghouse.

Ripple has made it clear that it would never ask people to send them XRP and has asked them to not fall prey to these scams.

The question remains though - how are the scammers bypassing 2FA security? They send phishing emails to their victims which directs them to cookie theft malware. The malware has been designed to steal session cookies, which are small pieces of data that make it quicker to sign in to various accounts. Session hijackers masquerade as legitimate users, tricking websites into thinking they are you.

Recommended Stories
Google has acknowledged that session cookie hijacking has long been a problem but adds:

Google also assures that users who have lost access to their accounts have seven days to get them back. The company also advises users to set up additional measures to keep their accounts safe.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless