Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.
Full article: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail | Ars Technica