Don’t leave your email exposed to hackers: stay protected with two-factor authentication
Over the last few days, Gmail, Outlook, Yahoo and other email services have been the target of a new and nasty social engineering hacking strategy that requires only your email address and phone number to break in. Similar to many of the hacks covered in our Phishing Tales of Terror blog post, this new attack type phishes you via text message, where it is harder than in email to tell what is real and what is not. Hopefully this post can help you better understand the threat as well as the simple things you can do to reduce your chances of being affected.
Hackers can hijack your email account just by knowing your mobile phone number
Here’s how they do it:
First, the hacker visits your email login page, and goes through the steps to attempt a password recovery (the process designed for account owners who have forgotten their own passwords). The hacker then selects the recovery option to send a verification code to your phone, and then immediately follows up with a direct text to the same known phone number with a message along the lines of:
“We have detected unusual account activity and have just sent you an SMS with a verification code. Please respond with this code to confirm your identity and stop all unauthorized account activity.”
If everything goes according to plan and the timing is right, users will often reply to the hacker’s text with the verification code. That gives the hacker the ability to set a temporary password and gain access to your account on the spot, along with all the information it contains.
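A defensive check for the pattern described above, as an added example that is not part of the original post: it flags a text that asks you to send back a code when it arrives close in time to a genuine verification-code SMS from a different sender. The message fields, the regular expressions, the 10-minute window and the sample inbox are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# A genuine verification SMS carries a short numeric code in its body.
CODE_RE = re.compile(r"\b\d{4,8}\b")
# The lure asks the recipient to send a code back to the sender.
ASK_RE = re.compile(
    r"\b(reply|respond|send|text)\b.{0,60}\b(code|pin|passcode)\b", re.I | re.S)
WINDOW = timedelta(minutes=10)  # assumed correlation window

def find_code_relay_lures(messages, window=WINDOW):
    """Return (code_sender, lure_sender) pairs where a message asking for a
    code arrives within `window` of a code-bearing SMS from another sender."""
    codes = [m for m in messages
             if CODE_RE.search(m["body"]) and not ASK_RE.search(m["body"])]
    lures = [m for m in messages if ASK_RE.search(m["body"])]
    hits = []
    for lure in sorted(lures, key=lambda m: m["time"]):
        for code in codes:
            close = abs(lure["time"] - code["time"]) <= window
            if close and code["sender"] != lure["sender"]:
                hits.append((code["sender"], lure["sender"]))
                break
    return hits

# Constructed sample inbox (senders, times and wording are illustrative).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_INBOX = [
    {"sender": "72000", "time": T0,
     "body": "Your verification code is 482913. Do not share it."},
    {"sender": "+12025550143", "time": T0 + timedelta(seconds=40),
     "body": "We have detected unusual account activity and have just sent "
             "you an SMS with a verification code. Please respond with this "
             "code to confirm your identity."},
    # Ordinary opt-out text: asks for a reply, but not for a code.
    {"sender": "55512", "time": T0 + timedelta(hours=3),
     "body": "Reply STOP to opt out of delivery alerts."},
    # Asks for a code, but no code SMS arrived near it: not this pattern.
    {"sender": "+12025550167", "time": T0 + timedelta(hours=5),
     "body": "Please reply with your code to claim the prize."},
]

if __name__ == "__main__":
    for code_sender, lure_sender in find_code_relay_lures(SAMPLE_INBOX):
        print(f"code from {code_sender} followed by request from {lure_sender}")
```
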
SMS verification: a poor man’s two-factor authentication?
Although the process may be simple, the inherent risk of using an SMS-based password recovery system becomes immediately apparent with the rise of these new attacks. Fortunately, Intermedia AppID®, a single sign-on portal, can help provide stronger security for your critical applications with two-factor authentication (2FA).
We do this by eliminating the need to use a vulnerable SMS recovery and authentication system and instead providing a personalized and specific app for Android and iOS called VeriKey. With the ability to conduct the entire 2FA process within the application, or to choose a different 2FA option such as a one-time passcode, text message or voice call, you can be confident that all password- and account-management-related changes are under your control.
The recently released VeriKey app is included at no extra cost for all current and future Intermedia customers using AppID, and was designed specifically to counter hacking and phishing strategies like the one currently affecting Gmail, Outlook and Yahoo.
Interested in learning more? Give us a call at 1.800.379.7729 or start using Single Sign-On and 2FA with AppID today for the first 30 days free.