Amnesty International has discovered phishing attacks that impersonate Google and Yahoo.
The attempts may have originated with the same hackers who had cloned the
Tutanota and ProtonMail sites.
Unlike those campaigns, however, these efforts are “designed to defeat the most common forms of two-factor authentication that targets might
use to secure their accounts,” the group says.
Amnesty was alerted to the problem by human rights defenders and journalists from the Middle East and North Africa.
“Investigating these emails, we identified a large and long-running campaign of targeted phishing attacks that has targeted hundreds, and likely over one thousand people overall,” the
group reports.
It adds: “Most of the targets [are] seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.” The attackers have found that fake security
alerts often work, it continues.
The researchers created a disposable Google account and went to a phishing page that asked for a “2-step Verification code” (Google's name for its two-factor authentication), which then arrived “via SMS to the phone number we used to register the account, consisting of six digits.” That a genuine code was sent at all implies the phishing back end was submitting the captured credentials to Google in real time, so the one-time code the target types into the fake page is the same one the attacker needs to finish the real login.
After entering the code, they were finally presented with a form asking them to reset the password for the
account. They undertook a similar exercise for Yahoo.
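The flow the researchers walked through is a real-time relay: whatever the target types into the clone is forwarded to the real provider, so the provider itself sends the legitimate SMS. The simulation below is an added example, not code from Amnesty's report or from the campaign; it models a provider, a phishing site and a target, and contrasts a six-digit SMS code with an origin-bound security-key assertion. All names (`Provider`, `PhishingSite`, the two origins, the user and phone) are constructed, and HMAC stands in for the key's signature so the example needs only the standard library.

```python
import hashlib
import hmac
import secrets


def sign(key_secret, challenge, origin):
    """Stand-in for a security key's assertion over (challenge, origin).

    A real FIDO/WebAuthn assertion is an asymmetric signature over client data
    that includes the origin the browser is actually on; HMAC keeps this
    example dependency-free while preserving that binding. Assumed, not real.
    """
    return hmac.new(key_secret, challenge + origin.encode(), hashlib.sha256).digest()


class Provider:
    """Simplified stand-in for the real login service (not vendor code)."""

    ORIGIN = "https://accounts.provider.example"  # assumed legitimate origin

    def __init__(self):
        self.users = {}       # user -> dict(password, phone, key_secret)
        self.sms_outbox = []  # (phone, text): stands in for the carrier network
        self.pending = {}     # session id -> dict(user, otp | challenge)

    def register(self, user, password, phone, key_secret=None):
        self.users[user] = {"password": password, "phone": phone, "key_secret": key_secret}

    def login(self, user, password):
        """Step 1: a correct password starts the second-factor step."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["password"], password):
            return None
        sid = secrets.token_hex(8)
        if rec["key_secret"] is None:
            otp = f"{secrets.randbelow(10**6):06d}"
            self.pending[sid] = {"user": user, "otp": otp}
            self.sms_outbox.append((rec["phone"], f"Your verification code is {otp}"))
        else:
            self.pending[sid] = {"user": user, "challenge": secrets.token_bytes(32)}
        return sid

    def verify_sms(self, sid, otp):
        """Step 2a: the code is a bearer secret; whoever submits it first wins."""
        p = self.pending.pop(sid, None)
        if p and "otp" in p and hmac.compare_digest(p["otp"], otp):
            return f"session-token-for-{p['user']}"
        return None

    def challenge(self, sid):
        return self.pending[sid]["challenge"]

    def verify_key(self, sid, assertion):
        """Step 2b: the assertion must cover the provider's own origin."""
        p = self.pending.pop(sid, None)
        if not p or "challenge" not in p:
            return None
        expected = sign(self.users[p["user"]]["key_secret"], p["challenge"], self.ORIGIN)
        return f"session-token-for-{p['user']}" if hmac.compare_digest(expected, assertion) else None


class PhishingSite:
    """The attacker's clone. It relays each input to the real provider as it
    arrives, which is exactly what makes the genuine SMS reach the target."""

    ORIGIN = "https://accounts-security-alert.example.net"  # constructed lure domain

    def __init__(self, provider):
        self.provider, self.sid = provider, None

    def submit_password(self, user, password):
        self.sid = self.provider.login(user, password)  # triggers the real SMS
        return self.sid is not None

    def submit_otp(self, otp):
        return self.provider.verify_sms(self.sid, otp)  # attacker completes the login

    def key_challenge(self):
        return self.provider.challenge(self.sid)  # relayed unchanged

    def submit_assertion(self, assertion):
        return self.provider.verify_key(self.sid, assertion)


def run_sms_scenario():
    """Target with SMS 2FA types both password and code into the clone."""
    prov = Provider()
    prov.register("target", "correct horse", phone="+10000000000")
    site = PhishingSite(prov)
    site.submit_password("target", "correct horse")  # target types the password
    _, text = prov.sms_outbox[-1]                    # real SMS reaches the phone
    return site.submit_otp(text.split()[-1])         # target types the code into the lure


def run_security_key_scenario():
    """Same target and lure, but the second factor is bound to the origin."""
    prov = Provider()
    key_secret = secrets.token_bytes(32)
    prov.register("target", "correct horse", phone="+10000000000", key_secret=key_secret)
    site = PhishingSite(prov)
    site.submit_password("target", "correct horse")
    # The browser, not the target, supplies the origin: the clone's, not the provider's.
    assertion = sign(key_secret, site.key_challenge(), PhishingSite.ORIGIN)
    return site.submit_assertion(assertion)


if __name__ == "__main__":
    print("SMS relay yields a session token:", run_sms_scenario())
    print("Security-key relay yields a session token:", run_security_key_scenario())
```

The SMS scenario succeeds because the code is just another secret the target can be talked into typing; the security-key scenario fails because the origin is supplied by the browser and checked by the provider, so a relayed challenge signed on the wrong domain is worthless to the attacker.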
The report contends that while two-factor authentication is important, criminals can work around it, and people can be “misled into
believing that, once it is enabled, they are safe to log into just about anything and feel protected.” The practical caveat is that SMS and authenticator-app codes are only as safe as the page they are typed into, since a clone that relays credentials in real time receives the code like any other secret; only origin-bound factors such as FIDO security keys, whose response the browser ties to the site actually being visited, resist this kind of relay.