sigh - another nick in 2FA's armor.

an attacker can craft an email which will send you to a phishing server. This server will make you think you're entering your credentials and 2FA code, but in reality you're just entering it to the attacker.

listen, 2FA is still a good idea, but you need to make sure that you're actually going to the site you think you are. Check the link in emails, type it in manually.

This attack *doesn't* work on fob-based 2FA.

itpro.co.uk/two-factor-authent

@0x56 you folks always remind me not to get too lax when it comes to security.
Thanks for that and for all the info too.

@0x56 The old rule "don't click links in emails" is really limiting, really annoying, but it sure stops a lot of problems (like this one) cold.

It's probably also just slightly too complicated for average users to remember, understand, or follow consistently.

Sigh indeed.
