Phishing Attacks that Defeat 2FA Every Time

Phishing Attacks that Defeat 2FA Every Time

Posted March 13, 2021

Phishing Attacks that Defeat 2FA Every Time

  • Assessing the risk of bypassing 2FA is an important part of any risk assessment, so we thought it would be helpful to review some of the threats we repeatedly encounter that defeat 2FA or multi-factor authentication (MFA).
  • Cyber-attacks that have successfully defeated 2FA and MFA. Here are four examples:
    • Man-In-The-Middle Attack
    • Technical Support Scams
    • Fake 2FA pages or pop-ups
    • Scareware
  • As 2FA and MFA were designed to help protect unauthorized user log-ins, cybercriminals continue to develop new approaches to access second-factor credentials, spy on browser activity, and compromised machines.

– Lisa O’Reilly | March 13, 2021