New email account warning
For the billions logging into Gmail and Outlook accounts daily, as well as other major email platforms including AOL and Yahoo, there’s a dangerous new attack to worry about. If you think 2FA always keeps you safe, think again. This attack “bypasses two-factor authentication through session hijacking and real-time credential interception.” The dangerous sign-in page you need to avoid is shown below.
The warning comes courtesy of SlashNext, which has just published a report into a new phishing kit dubbed Astaroth. On an infected device, this deploys a man-in-the-middle attack between user and legitimate account sign-in page, “capturing login credentials, tokens, and session cookies in real time, effectively bypassing 2FA.”