


White Hat Spoofs 2FA, Sends User to Phishing Page

May 11, 2018 / Kacy Zurkus

Social engineering tactics are the bread and butter of hackers. Preying on trust, malicious actors are able to lure users into sharing personal information, even login credentials. White hat hackers will often leverage these same tactics for good, as Kevin Mitnick, chief hacking officer at KnowBe4, demonstrated in a public video where he used a new exploit to hack LinkedIn's two-factor authentication (2FA).

When 2FA is enabled and a user attempts to log in to a website, they first have to enter a code. As an additional layer of security intended to verify the authenticity of the user, that code is sent via email or SMS. Using a tool called Evilginx, developed by white hat hacker Kuba Gretzky, Mitnick bypassed 2FA by sending a user to a fake login page. TechCrunch reported, "By convincing a victim to visit a typo-squatting domain like 'LunkedIn.com' and capturing the login, password, and authentication code, the hacker can pass the credentials to the actual site and ca...