Bypass two factor authentication: phishing and cookie session hijacking

Hacker Kevin Mitnick had an interesting YouTube video presenting how relying on 2FA can trick you into lowering your guard and becoming a victim of phishing attacks and cookie session hijacking.

You can see the YouTube video and his input at: https://www.youtube.com/watch?time_continue=1&v=xaOX8DS-Cto

For the example he uses a bogus domain similar to linkedin.com and an email sent to your Gmail – probably protected with 2FA :)) – from a “LinkedIn friend”. A simple phishing attack followed by cookie session hijacking, and poof, he gains control of your account. Of course 2FA is not intended to defend you from such attacks, but sometimes having several layers of protection makes you feel in control and maybe disregard other threats.
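As an added example (not from the video or the original post), here is one way a defender can look for the session hijacking step: flag a session cookie that is used from a client other than the one that completed the 2FA login. The JSON log format, the field names and the sample events are constructed assumptions, and the check is one signal among several, not a complete defense.

```python
# Added example: flag session cookies used from a client other than the one
# that completed the 2FA login. Log format and field names are assumptions.
import json

# Constructed sample events (not real logs): one JSON object per line.
SAMPLE_LOG = """\
{"ts": 100, "event": "login_2fa_ok", "sid": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/115"}
{"ts": 130, "event": "request", "sid": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/115"}
{"ts": 160, "event": "request", "sid": "s-alice", "ip": "203.0.113.50", "ua": "curl/8.0"}
{"ts": 200, "event": "login_2fa_ok", "sid": "s-bob", "ip": "192.0.2.10", "ua": "Chrome/120"}
{"ts": 260, "event": "request", "sid": "s-bob", "ip": "192.0.2.99", "ua": "Chrome/120"}
{"ts": 300, "event": "request", "sid": "s-ghost", "ip": "203.0.113.50", "ua": "curl/8.0"}
"""

def find_session_replays(log_text):
    """Return (ts, sid, reason) alerts for sessions used by an unexpected client."""
    bound = {}   # sid -> (ip, ua) recorded when the 2FA login succeeded
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        sid, client = event["sid"], (event["ip"], event["ua"])
        if event["event"] == "login_2fa_ok":
            bound[sid] = client          # bind the session to the login client
            continue
        if sid not in bound:
            # A session id with no recorded login: cookie came from elsewhere.
            alerts.append((event["ts"], sid, "no_login_seen"))
        elif client != bound[sid]:
            ip_changed = client[0] != bound[sid][0]
            ua_changed = client[1] != bound[sid][1]
            # An IP change alone can be benign (mobile, VPN); both changing
            # at once is the stronger indicator of a replayed cookie.
            if ip_changed and ua_changed:
                reason = "ip_and_ua_changed"
            else:
                reason = "ip_changed" if ip_changed else "ua_changed"
            alerts.append((event["ts"], sid, reason))
    return alerts

if __name__ == "__main__":
    for ts, sid, reason in find_session_replays(SAMPLE_LOG):
        print(f"ts={ts} sid={sid} reason={reason}")
```

In practice an alert like `ip_and_ua_changed` would trigger re-authentication or session revocation rather than just a log entry.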

 
