As scary as it sounds, Google’s super-secure two-step verification system to prevent your Gmail account from getting hacked is not a foolproof way to secure your account.
Hackers have now found a way to beat this system as well, and more reports have been coming out since it was first reported.
To hack a Gmail account that has Two Factor Authentication enabled, hackers trick users who are not very familiar with how the technology works, and a lot of people can fall victim to it.
Here is how it works
What Happens at the Victim’s End: Hackers send an email or message to the victim asking to discuss something and include a link to a document. The link takes the victim to a Google Drive page that asks the victim to log in to view the document.
When the victim enters his login credentials, a text is sent to his mobile phone because Two Factor Authentication is enabled. The moment the victim enters the authentication code into the fake page, he is redirected to the Google Drive document, just as he would be in a typical case.
What Happens at the Hacker’s End: Normally, when you are logged in to Gmail and click on a Google Drive link, you are not asked to log in, because you are already logged in. So the Google Drive page is a fake page created by the hacker to ask for the victim’s login credentials.
The victim is entering his login credentials on behalf of the hacker, and the authentication code the victim enters is likewise used by the hacker to log in to the victim’s Gmail account.
So, if the victim is not alert, he will not be aware of the hack unless something terrible happens to his account.
This is not the only way hackers can bypass Two Factor Authentication, as documented by How-To Geek.
There is another way to do it, but it requires the hacker to know some personal details: the hacker calls the customer service of the victim’s cellular company and pretends to be the victim (by providing personal details like date of birth, home address, SSN, etc.).
If your cellular company provides a web interface to enable/disable features like Access to Voice Mail, SMS, or Call Forwarding, then it is another weak point a hacker can take advantage of to get a hold of your Gmail account.
It is As Scary As It Sounds
Many people are not tech-savvy enough to understand what has happened to their account, or what a hacker can do after hijacking a Gmail account. But an email account is the epicenter of all the accounts one has created online, be it Facebook, Instagram, or accounts that involve money like PayPal, premium domain names, etc.
Apart from that, many people keep confidential and personal information in their email, and this is why more high-profile politicians and celebrities are on hackers’ lists.
How to Protect Your Account from Hackers
Now that we have told you that Two Factor Authentication is not a foolproof system, it doesn’t mean you shouldn’t be using it. Your account is far more secure with Two Factor Authentication than without it.
What you need to do is stay aware of where you log in to your account: check the link in the address bar and see if it’s really from Google. And if you are already logged in to your account, it shouldn’t ask you to log in again.
Also, try to protect all the weak links that could lead to a hack. Do not mention your email address everywhere on the web; better still, use a separate email account for all your social accounts and keep your essential email private.
No matter how many layers of security are introduced by Google and other companies to secure your account, hackers will find a way to crack it. If you keep that in mind, you will end up taking good care of your account.
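The address-bar check described above can be written down precisely. The following is an added example, not code from the original article or from Google; it assumes that credentials and authentication codes belong only on Google's sign-in host `accounts.google.com`, and the function name and sample URLs are constructed for illustration.

```javascript
// Added example. Assumption: passwords and 2FA codes for a Google account
// belong only on Google's sign-in host, accounts.google.com.
const SIGN_IN_HOST = "accounts.google.com";

// classifyLoginUrl is a hypothetical helper name, not a Google API.
function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // "https://accounts.google.com@host/" puts the familiar name in the
  // userinfo part; the page is actually served by whatever follows "@".
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo before @, real host is " + url.hostname };
  }
  // Drop a trailing root dot; the parser has already lower-cased the host
  // and converted non-ASCII labels to punycode ("xn--...").
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode (lookalike) label in " + host };
  }
  // Exact match only: "accounts.google.com.drive-view.example" and
  // "accounts-google.com" contain the name but are different domains.
  if (host !== SIGN_IN_HOST) {
    return { trusted: false, reason: "host is " + host };
  }
  return { trusted: true, reason: "served by " + SIGN_IN_HOST };
}

// Constructed sample URLs (reserved example domains, not real indicators).
const samples = [
  "https://accounts.google.com/signin",
  "https://accounts.google.com.drive-view.example/signin",
  "https://accounts.google.com@drive-view.example/signin",
  "http://accounts.google.com/signin",
  "https://accounts.g\u043e\u043egle.com/signin", // Cyrillic "о" twice
];
for (const s of samples) {
  const r = classifyLoginUrl(s);
  console.log((r.trusted ? "OK    " : "REJECT") + " " + r.reason);
}
```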