Security researchers have discovered a very worrying fraud method.

Security researchers have discovered a very worrying fraud method

Security researchers have discovered a very worrying fraud method.

Researchers from the cybersecurity company Sekoia discovered the new fraud service called Tycoon 2FA. This tool allows you to bypass security called “double authentication” (2FA), that is to say the protection of accounts with either a code sent by SMS or a code to be entered, generated by an authentication application such as Google Authenticator.

To bypass 2FA protection of Gmail or Microsoft365 accounts, Tycoon 2FA seeks to redirect victims to a cloned account login page. Once the username and password are entered, Tycoon 2FA presents what appears to be a real request to enter a two-factor authentication code to confirm the user’s identity. However, what criminals do, researchers say, is intercept the 2FA code to bypass security measures. Login cookies are captured and can then be reused by hackers to bypass real 2FA protections on the account.

When victims fall for these phishing attacks that bypass multi-factor authentication, they actually log in themselves and authorize access. This is not a failure on the part of the 2FA mechanism itself, because the credentials entered are sufficiently authentic.

A regular poster of changes between Tycoon 2FA releases on a dedicated Telegram channel, and going by a multitude of names, is believed by Sekoia to be the developer of the phishing kit. Researchers were able to find working phishing pages targeting Gmail accounts for sale, starting at just $120 for 10 days of use, as well as others designed for Microsoft 365 accounts.

How to protect yourself from this new form of attack which bypasses the protections of Gmail or Microsoft365? By being very vigilant when you receive an email asking you to log in to your account. This is how all attacks begin. It is therefore recommended to never click on the link contained in the email but to go directly to the login page of your account. From this login page, you can log in securely and then view your emails or online documents. Finally, know that tools like Gmail or Microsoft 365 will never write to you and ask you to log in.

ccn3