We Define IT

How Hackers Get Around SMS Two-Factor Authentication

9/15/2021

Every time you’re online and a site sends a separate code to check your identity, you’re using two-factor authentication. It’s become the norm. So, of course, hackers have figured out how to get around this, too. This article shows you how they do it and how to stay safe.

With billions of usernames and passwords leaked, access credentials everywhere are at risk, especially if you are reusing your log-in information on more than one site (don’t do it!).

Business websites want to offer a secure user experience, so two-factor authentication (2FA) has become the norm. It’s meant to help stop automated attacks in which bad actors use the leaked usernames and passwords.

Even so, if the site you’re visiting uses short message service (SMS) to send a one-time code to your phone, you could still be at risk.

Hackers, using information they have from a data leak, can call your telephone company. They use your name, date of birth, and other identifiers available on the Dark Web to impersonate you. Then, claiming you’ve lost your phone, they have your phone number transferred to a device with a different SIM card.

That means when the one-time SMS code gets sent to your phone number, the message will instead go to their device.

Android Users Also Beware
On Android devices, hackers have an easier time getting access to text messages. If they have access to your leaked Google credentials, they can log into your Google Play account. From there, it’s simply a matter of installing a message-mirroring app on your smartphone.

The app synchronizes notifications across your different devices. It’s for when you really need to be connected, and you’ll be able to see your phone’s SMS alerts on your tablet!

The app won’t work unless you give it permission when prompted to do so, but too many people don’t stop to read alerts from their own accounts: they assume it’s another necessary update and go on with their day. Alternatively, the hacker might call you in a social engineering ploy, pretending to be a legitimate service provider. They’ll seem familiar to you, so you’re more likely to listen when they ask you to give permission.

Again, when the one-time SMS code gets sent to your phone, because of the message-mirroring app, the hacker's device will also receive the code.

What Can You Do to Protect Yourself?
It starts with using unique passwords for all sites you visit. Worried you’ll forget them? A password manager can keep all your access credentials in one secure place for you.

You should also confirm that your credentials haven’t been compromised. If you use Google’s password service, you can head to the password manager site and tap “check passwords” to see if there are any issues. On Firefox, head to the Firefox Monitor page and “Check for Breaches.” On Safari, click on Preferences, and then on Passwords to see what recommendations they have for your security.
Change any passwords that have been involved in a leak!

To avoid the SMS concern specifically, avoid using one-time SMS codes to verify your identity. Instead, you can use a non-SMS authentication tool such as Google Authenticator, which provides two-step verification services within the app itself.
Need help learning if your credentials have been leaked? Or want assistance setting up more security for your online activity? We can help. Contact our IT experts today at (888) 234-WDIT(9348).

Copyright ©2021  We Define IT LLC, All Rights Reserved. 