Two-factor authentication or 2FA is designed to give you peace of mind that even if someone else gets ahold of your password, they won’t be able to access your account. Some hackers targeting Gmail and YouTube users have figured out a way around that.
There has been a recent increase in the number of users complaining that their 2FA-protected accounts were compromised. They say hackers got into their accounts even though they had 2FA activated, and changed their passwords as well as their recovery details.
The requests come from what appears to be a legitimate Ripple management account and, to sound more convincing, they have also made deepfake videos of CEO Brad Garlinghouse.
The question remains though – how are the scammers bypassing 2FA security? They send their victims phishing emails that direct them to cookie theft malware. The malware is designed to steal session cookies, which are small pieces of data that make it quicker to sign in to various accounts. Session hijackers masquerade as legitimate users, tricking websites into thinking they are you.
Google has acknowledged that session cookie hijacking has long been a problem but adds:
“There are techniques we use and continuously update to detect and block suspicious access indicating potentially stolen cookies in addition to pushing forward innovations like device bound session credentials.”
Google also assures that users who have lost access to their accounts have seven days to get them back. The company also advises users to set up additional measures to keep their accounts safe.
“Our automated account recovery process allows a user to use their original recovery factors for up to 7 days after it changes provided they set them up before the incident. For additional protection, we continue to encourage users to take advantage of security tools, like passkeys and Google’s Security Checkup.”
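To see why a stolen session cookie sidesteps 2FA, and what binding a session to a device changes, here is a toy server model. It is an added example, not code from Google or from the original article. `SessionServer`, `sign` and `demo` are hypothetical names, and an HMAC over a server nonce stands in, as a simplifying assumption, for the device-held key a real device-bound scheme would use.

```python
import hashlib
import hmac
import secrets

def sign(device_key, nonce):
    # HMAC stands in for a signature made with a key that never leaves the device.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()

class SessionServer:
    # Constructed toy model of a web session store, not a real service API.
    def __init__(self):
        self.sessions = {}  # cookie -> [user, device_key or None, pending nonce]

    def login(self, user, password_ok, second_factor_ok, device_key=None):
        # Password and 2FA are checked only here; later requests carry the cookie.
        if not (password_ok and second_factor_ok):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = [user, device_key, None]
        return cookie

    def challenge(self, cookie):
        nonce = secrets.token_bytes(16)
        self.sessions[cookie][2] = nonce  # single-use, consumed by request()
        return nonce

    def request(self, cookie, proof=None):
        entry = self.sessions.get(cookie)
        if entry is None:
            return None
        user, device_key, nonce = entry
        if device_key is None:
            return user  # bearer cookie: any client presenting it is accepted
        entry[2] = None  # a nonce is valid for one request only
        if nonce is None or proof is None:
            return None
        return user if hmac.compare_digest(sign(device_key, nonce), proof) else None

def demo():
    server = SessionServer()
    plain = server.login("alice", True, True)
    bearer_replay = server.request(plain)  # copied cookie, no password or 2FA
    key = secrets.token_bytes(32)  # held by the legitimate device only
    bound = server.login("alice", True, True, device_key=key)
    old_proof = sign(key, server.challenge(bound))
    owner = server.request(bound, old_proof)
    server.challenge(bound)  # fresh nonce for the next request
    bound_replay = server.request(bound, old_proof)  # cookie + stale proof, no key
    return bearer_replay, owner, bound_replay
```

`demo()` returns `("alice", "alice", None)`: the copied bearer cookie is accepted without any second factor, while the bound session rejects the same cookie when it arrives with a stale proof and no access to the device key.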