Kaspersky Unveils Advanced Phishing Techniques to Bypass 2FA
Kaspersky has revealed the evolution of sophisticated phishing techniques employed by cybercriminals to circumvent two-factor authentication (2FA), a critical security measure designed to protect online accounts. Despite the widespread adoption of 2FA by many websites and organizations, attackers are continually developing advanced methods to deceive users and gain unauthorized access to their accounts.
Phishing and OTP Bots
Attackers are using a combination of phishing and automated One-Time Password (OTP) bots to trick users. This technique involves collecting user login credentials through phishing websites that mimic legitimate login pages of banks, email services, or other online accounts. Once the credentials are obtained, the attacker attempts to log into the account, triggering the OTP to be sent to the user's phone.
Social Engineering Through Phone Calls
The OTP bot then calls the user, pretending to be a representative from a trusted organization. Using a pre-scripted dialogue, the bot persuades the victim to share their OTP. Phone calls are used because they are more effective at deceiving victims than text messages, increasing the likelihood of a quick response from the user.
Managing OTP Bots and Their Advanced Features
Scammers manage OTP bots through online panels or platforms like Telegram. These bots come with advanced features such as the ability to mimic male or female voices, support multiple languages, and spoof phone numbers to make the caller ID appear legitimate. These features enhance the effectiveness and believability of the fraudulent calls.
Concerning Attack Data
Kaspersky reported that from March 1 to May 31, 2024, its products prevented 653,088 attempts to visit phishing sites targeting the banking sector. During the same period, Kaspersky detected 4,721 phishing pages designed to bypass two-factor authentication in real time.
Importance of Vigilance
Olga Svistunova, a security expert at Kaspersky, emphasized the importance of vigilance and best security practices. "Social engineering can be very sophisticated, especially with the use of OTP bots that can mimic genuine calls from service representatives or trusted organizations," she said.
Kaspersky’s Recommendations for Protection
Kaspersky offers several suggestions to protect against these advanced scams:
- Avoid clicking links in suspicious emails. Manually type the website address or use bookmarks.
- Ensure the website address is correct before entering credentials. Use Whois services to check newly registered websites.
- Never share OTP codes received via phone calls. Legitimate banks and companies do not use this method for verification.
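The Whois check in the second recommendation can be scripted once the Whois record has been fetched. The following Python is an added example, not from Kaspersky: it reads the registration date out of Whois text and flags recently registered domains. The function names, the set of date labels, the 30-day threshold, and the sample records are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Labels registries commonly use for the registration date (assumed set).
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created(?: On)?|Registered(?: On)?)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%d", "%d-%b-%Y")

def creation_date(whois_text):
    """Return the registration date as an aware UTC datetime, or None."""
    match = _CREATED.search(whois_text)
    if not match:
        return None
    for fmt in _FORMATS:
        try:
            return datetime.strptime(match.group(1), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None  # label found, but the date format was not recognised

def domain_age_days(whois_text, now):
    """Whole days between registration and `now`, or None if unknown."""
    created = creation_date(whois_text)
    return None if created is None else (now - created).days

def classify(whois_text, now, max_new_days=30):
    """Return 'new', 'established', or 'unknown' (unknown needs manual review)."""
    age = domain_age_days(whois_text, now)
    if age is None or age < 0:
        return "unknown"
    return "new" if age <= max_new_days else "established"

# Constructed sample records, not real registrations.
NOW = datetime(2024, 5, 31, tzinfo=timezone.utc)
SAMPLE_NEW = """Domain Name: BANK-LOGIN.EXAMPLE
Registrar: Constructed Registrar
Creation Date: 2024-05-20T10:15:30Z
Registry Expiry Date: 2025-05-20T10:15:30Z
"""
SAMPLE_OLD = "Domain name:\n    bank.example\n    Registered on: 10-Dec-2009\n"

if __name__ == "__main__":
    for name, record in (("new", SAMPLE_NEW), ("old", SAMPLE_OLD)):
        print(name, domain_age_days(record, NOW), classify(record, NOW))
```

A "new" or "unknown" result is a reason to verify the address through a bookmark or the organization's official channel before entering credentials; an "established" result does not by itself prove a site is legitimate.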
Kaspersky’s Security Solutions and Training
To protect companies from threats, Kaspersky offers real-time security solutions and cybersecurity training. Kaspersky Next provides protection, threat visibility, investigation, and response capabilities for organizations of all sizes. Additionally, Kaspersky offers practical training for InfoSec professionals to enhance their technical skills and defend companies against sophisticated attacks.
Staying Ahead of Phishing Threats
As phishing techniques become increasingly sophisticated, it is crucial to remain vigilant and adhere to best security practices. Through ongoing research and innovation, Kaspersky continues to provide security solutions to safeguard digital lives.
With the continual evolution of cyber threats, it's imperative to stay informed about the latest security measures and to implement robust defenses to protect against these advanced phishing techniques. Kaspersky's commitment to cybersecurity ensures that both individuals and organizations can navigate the digital landscape with greater confidence and security.