Advanced Phishing Attacks Bypass Two-Factor Authentication, Steal Gmail Accounts

Security researchers at SlashNext have alerted the public about sophisticated phishing methods that use session hijacking to bypass two-factor authentication according to The Sun.

The hacking group Astaroth launched these attacks during late January by delivering attack links via email to victims until they clicked which redirected them through a fake login page exactly similar to the actual page.

Internet users will receive no warning signals because they believe the page belongs to the legitimate site even though it leads attackers to obtain their account credentials.

The newest phishing campaign accomplished more than simple login credential theft by hacking two-factor authentication protocols using instant session cookie and authentication code acquisition during creation time thus allowing quick yet accurate bypasses of two-factor authentication protections. The attackers can monitor text messages with access codes because this practice exposes the code delivery through messaging platforms.

The Astaroth group stands out due to its sophisticated nature because it intercepts all authentication data in real time according to the SlashNext report on phishing scams.

Research data shows Astaroth attacks create a higher security standard which significantly reduces the effectiveness of typical phishing methods and associated defense systems.

Through the dark web the "Astaroth" organization offers phish-based services for $ 2,000 and includes automated product updates during a six-month period.

Artificial Intelligence Drives Phishing Attacks

A warning about the new AI-assisted scam emerged this week which robbed user data and breached Gmail accounts. AI-powered phishing attacks began alerting the FBI during May of last year and succeeded in both account theft and identity theft according to information from The Sun.

FBI Special Agent in Charge Robert Tripp reported that phishing attackers use artificial intelligence to develop authentic-seeming audiovisual data and email content that targets people and organizations. The complex attack methods lead to severe financial loss and harm reputation alongside exposure of critical information.