Amnesty International has discovered phishing attacks that impersonate Google and Yahoo.
The attempts may have originated with the same hackers who had cloned the Tutanota and ProtonMail sites.
Unlike those campaigns, however, these efforts are “designed to defeat the most common forms of two-factor authentication that targets might use to secure their accounts,” the group says.
Amnesty was alerted to the problem by human rights defenders and journalists from the Middle East and North Africa.
“Investigating these emails, we identified a large and long-running campaign of targeted phishing attacks that has targeted hundreds, and likely over one thousand people overall,” the group reports.
It adds: “Most of the targets [are] seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.” The attackers have found that fake security alerts often work, it continues.
The researchers created a disposable Google Account and went to a phishing page that required a “2-step Verification code (another term for two-factor authentication) via SMS to the phone number we used to register the account, consisting of six digits.”
They were finally presented with a form asking them to reset the password for the account. They undertook a similar exercise for Yahoo.
The report contends that while two-factor authentication is important, criminals can work around it, and people can be “misled into believing that, once it is enabled, they are safe to log into just about anything and feel protected.”
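The mechanism the report describes is that a code typed into a look-alike page can be forwarded to the real site while it is still valid. The following Python sketch is an added illustration, not code from Amnesty's report: it verifies an RFC 6238 TOTP code the way a server would, then contrasts it with an origin-bound assertion (a simplified WebAuthn-style check using HMAC as a stand-in for the authenticator's signature) whose verification fails when the browser was on a different hostname. The secret, key, challenge and hostnames are constructed placeholders.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://accounts.example.com"        # constructed placeholder
LOOKALIKE_ORIGIN = "https://accounts-example.com"   # constructed placeholder

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def verify_totp(secret: bytes, code: str, t: int, window: int = 1) -> bool:
    """Server-side check; typical deployments accept +/- one 30s step of drift."""
    return any(hmac.compare_digest(totp(secret, t + d * 30), code)
               for d in range(-window, window + 1))

def forwarded_code_accepted(secret: bytes, t: int) -> bool:
    """The code is bound only to time, so a copy handed to the real site a few
    seconds later is indistinguishable from the user typing it there."""
    code_entered_on_lookalike = totp(secret, t)
    return verify_totp(secret, code_entered_on_lookalike, t + 5)

def sign_assertion(key: bytes, challenge: str, browser_origin: str):
    """Authenticator signs the server challenge together with the origin the
    browser actually loaded (simplified: HMAC stands in for a signature)."""
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin},
                             sort_keys=True).encode()
    return client_data, hmac.new(key, client_data, hashlib.sha256).digest()

def verify_assertion(key: bytes, challenge: str, client_data: bytes, sig: bytes) -> bool:
    """Real site checks signature, challenge freshness and that origin is its own."""
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False
    cd = json.loads(client_data)
    return cd["challenge"] == challenge and cd["origin"] == REAL_ORIGIN

def forwarded_assertion_accepted(key: bytes, challenge: str) -> bool:
    """Same challenge forwarded, but the browser was on the look-alike hostname,
    so the signed origin no longer matches and the real site rejects it."""
    client_data, sig = sign_assertion(key, challenge, LOOKALIKE_ORIGIN)
    return verify_assertion(key, challenge, client_data, sig)

if __name__ == "__main__":
    secret, key, t = b"constructed-totp-seed", b"constructed-cred-key", 1_600_000_000
    print("forwarded TOTP accepted:", forwarded_code_accepted(secret, t))      # True
    print("forwarded origin-bound assertion accepted:",
          forwarded_assertion_accepted(key, "nonce-123"))                     # False
```

The contrast is the practical takeaway for defenders: codes that are not bound to the site being visited remain exposed to this kind of relay, while origin-bound credentials (FIDO2/WebAuthn security keys) fail closed on a look-alike domain.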