Great Moto G Stylus deal on Amazon!
PhoneArena unveils the ultimate collector’s book for phone enthusiasts
PhoneArena unveils the ultimate collector’s book for phone enthusiasts

Report explains why Gmail users are losing their accounts despite having 2FA enabled

By
4comments
Google
Report explains why Gmail users are losing their accounts despite having 2FA enabled
Two-factor authentication or 2FA is designed to give you peace of mind that even if someone else gets ahold of your password, they won't be able to access your account. Some hackers targeting Gmail and YouTube users have figured out a way around that.

There has been an increase in the number of users complaining about 2FA getting compromised in recent times. They say hackers got into their accounts, even though they had 2FA activated, and have changed their password as well as recovery details.

My Google account got hacked. The hackers changed the password and the phone number and also edited the 2 factor authentication settings. So I have no way to log in to that account." - User 9385175895309290528

Hi! A person has stolen my Gmail account. They changed the two factor authentication to their own recovery email and phone. Account recovery is not working and sends me on a loop. I am the legitimate owner for over 10 years and have identifying information if necessary." Daniel Salinas 72368

Forbes has linked these incidents to a scam that lures unsuspecting users with the promise of free XRP - a cryptocurrency developed by Ripple. The most common trick used by these cybercriminals is to make an offer to double the amount of XRP that's sent to them. 

The requests come from what appears to be a legitimate Ripple management account and to sound more convincing, they have also made deepfake videos of CEO Brad Garlinghouse.

Ripple has made it clear that it would never ask people to send them XRP and has asked them to not fall prey to these scams.

Recommended Stories
The question remains though - how are the scammers bypassing 2FA security? They send phishing emails to their victims which directs them to cookie theft malware. The malware has been designed to steal session cookies, which are small pieces of data that make it quicker to sign in to various accounts. Session hijackers masquerade as legitimate users, tricking websites into thinking they are you.

Google has acknowledged that session cookie hijacking has long been a problem but adds:

There are techniques we use and continuously update to detect and block suspicious access indicating potentially stolen cookies in addition to pushing forward innovations like device bound session credentials."

Google also assures that users who have lost access to their accounts have seven days to get them back. The company also advises users to set up additional measures to keep their accounts safe.

Our automated account recovery process allows a user to use their original recovery factors for up to 7 days after it changes provided they set them up before the incident. For additional protection, we continue to encourage users to take advantage of security tools, like passkeys and Google’s Security Checkup."
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Recommended Stories

Loading Comments...

Popular stories

Apple warns iPhone users about overnight iPhone charging
Apple warns iPhone users about overnight iPhone charging
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
T-Mobile may raise 'older rate' plan prices in June
T-Mobile may raise 'older rate' plan prices in June
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet

Latest News

The way you handle your iPhone apps could be hurting battery life and performance
The way you handle your iPhone apps could be hurting battery life and performance
HTC could launch another mid-range smartphone this summer
HTC could launch another mid-range smartphone this summer
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
Apple removes three apps from App Store that claimed in ads they could create AI porn
Apple removes three apps from App Store that claimed in ads they could create AI porn
FCC OKs Cingular\'s purchase of AT&T Wireless