SOLVED: VIDEO: 4 Ingenious Ways Hackers Get Around Two Factor Authentication

If you are like most people, you think two factor authentication is nearly impossible to get around.  This is because two factor includes:

  1. something you know (like a username and password)
  2. something you have (like your cell phone that has a PIN code texted to you)

So if a hacker gets your username and password, say through a phishing site you accidentally typed your credentials into, they still can’t get in because they don’t have the PIN code that the web site in question (your bank, Gmail, your company…) sent to you… or can they.  Below are four ways hackers get your PIN code:

1: Redirect Your Cell To New Cell

This actually happens.  A hacker calls your cell telco and convinces them that your cell was lost or stolen so they need to assign your number to a new SIM card.  Watch this 1 minute video:

2: Automate the Hack To Request Your Pin Code

  1. The hackers send you a phishing message and when you click on it, you are taken to a webpage that looks exactly like what the site you are want to connect to
  2. You enter your username and password into the fake site, and they hackers instantly re-enter the username and password on the real site
  3. This triggers the request to generate a PIN code
  4. The FAKE page asks you for your PIN code, so you enter it
  5. The hacker then enters the PIN code into the REAL site

Bingo the hacker now has access to whatever you have on the REAL site.  If you don’t follow this logic, watch about 3 minutes of this video (just ignore the title of that video as we start 12 minutes in):

3: Hack the Phone Company (MUCH Easier than you think)

Your cell provider and the telco that the website hackers are trying to get into are almost certainly different and you probably will be shocked to learn that text communication between telco’s has virtually no security.

Watch about 1 minute of this video and you will fall down in amazement:

4: SIM Card Cloning

If someone can clone your SIM card… and they can… they can receive your text messages… including your PIN codes:

 

Leave a Reply