Report explains why Gmail users are losing their accounts despite having 2FA enabled
Two-factor authentication or 2FA is designed to give you peace of mind that even if someone else gets ahold of your password, they won't be able to access your account. Some hackers targeting Gmail and YouTube users have figured out a way around that.
There has been an increase recently in users reporting that their accounts were compromised despite 2FA. They say attackers got in even though 2FA was active, and then changed both the password and the recovery details.
"My Google account got hacked. The hackers changed the password and the phone number and also edited the two-factor authentication settings. So I have no way to log in to that account." - User 9385175895309290528
"Hi! A person has stolen my Gmail account. They changed the two-factor authentication to their own recovery email and phone. Account recovery is not working and sends me on a loop. I am the legitimate owner for over 10 years and have identifying information if necessary." - Daniel Salinas 72368
Forbes has linked these incidents to a scam that lures unsuspecting users with the promise of free XRP - a cryptocurrency developed by Ripple. The most common trick used by these cybercriminals is to make an offer to double the amount of XRP that's sent to them.
The requests come from what appears to be a legitimate Ripple management account and, to make them more convincing, the scammers have also produced deepfake videos of Ripple CEO Brad Garlinghouse.
Ripple has made it clear that it would never ask people to send them XRP and has asked them to not fall prey to these scams.
The question remains though: how are the scammers bypassing 2FA? They send phishing emails that lead victims to cookie-stealing malware. Once you have signed in, password and second factor included, Google sets a session cookie in your browser, a small piece of data the browser sends with every request so you are not asked to authenticate again. Whoever presents that cookie is treated as you: the password and 2FA are checked at login, not on each request, so malware that copies the cookie out of the browser lets the attacker take over the live session without knowing either. Session hijackers masquerade as legitimate users, tricking websites into thinking they are you.
Google has acknowledged that session cookie hijacking has long been a problem but adds:
"There are techniques we use and continuously update to detect and block suspicious access indicating potentially stolen cookies in addition to pushing forward innovations like device bound session credentials."
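To make the two preceding points concrete (why a copied session cookie works without the password or 2FA, and how a device-bound session stops the replay), here is an added example written for this page; it is not Google's code and not the malware's. A toy server checks the password and second factor only at login and then trusts the cookie, exactly the bearer-token model the attackers exploit. The device-bound variant makes each request prove possession of a key the malware cannot copy out of the cookie jar. Real device-bound session credentials use an asymmetric key held in a TPM; this example simplifies that to an HMAC key held by a `Device` object that is registered with the server at login. All names (`ToyServer`, `Device`, `victim@example.com`) are constructed for the example.

```python
import hashlib
import hmac
import secrets


class ToyServer:
    """Minimal model of a site whose per-request authentication is a cookie.

    Password and second factor are verified once, in login(); after that the
    cookie alone identifies the user unless the session was device-bound.
    Constructed example, not any real service's code.
    """

    def __init__(self):
        self._sessions = {}    # cookie value -> {"user": ..., "device_key": ...}
        self._challenges = {}  # cookie value -> outstanding nonce

    def login(self, user, password_ok, second_factor_ok, device_key=None):
        if not (password_ok and second_factor_ok):
            raise PermissionError("login rejected")
        cookie = secrets.token_urlsafe(32)          # unguessable session id
        self._sessions[cookie] = {"user": user, "device_key": device_key}
        return cookie

    def challenge(self, cookie):
        """Issue a fresh nonce the client must sign with its device key."""
        nonce = secrets.token_bytes(16)
        self._challenges[cookie] = nonce
        return nonce

    def handle(self, cookie, proof=None):
        """Return the user a request is attributed to, or None if rejected."""
        sess = self._sessions.get(cookie)
        if sess is None:
            return None
        if sess["device_key"] is None:
            # Plain bearer cookie: whoever presents it is the user. This is the
            # gap cookie-stealing malware walks through; 2FA is never consulted.
            return sess["user"]
        # Device-bound session: the cookie is not enough, the client must also
        # answer the latest challenge with the registered device key.
        nonce = self._challenges.pop(cookie, None)
        if nonce is None or proof is None:
            return None
        expected = hmac.new(sess["device_key"], nonce + cookie.encode(),
                            hashlib.sha256).digest()
        return sess["user"] if hmac.compare_digest(expected, proof) else None


class Device:
    """Holds a key that cookie-theft malware cannot export.

    Simplified to a symmetric HMAC key (an assumption of this example); real
    device-bound credentials use a TPM-backed asymmetric key pair.
    """

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def registration_key(self):
        return self._key  # in the symmetric toy, the server stores this copy

    def sign(self, nonce, cookie):
        return hmac.new(self._key, nonce + cookie.encode(), hashlib.sha256).digest()


def demo_plain_cookie_replay():
    """Attacker replays a cookie copied from the victim's browser."""
    server = ToyServer()
    cookie = server.login("victim@example.com", password_ok=True, second_factor_ok=True)
    stolen_cookie = cookie  # malware exfiltrated the browser's cookie jar
    # No password, no 2FA prompt: the server sees a valid session.
    return server.handle(stolen_cookie)


def demo_device_bound_replay():
    """Same theft against a device-bound session: legit client passes, attacker fails."""
    server = ToyServer()
    victim_device = Device()
    cookie = server.login("victim@example.com", True, True,
                          device_key=victim_device.registration_key())
    # Legitimate browser answers the challenge with its own device key.
    legit = server.handle(cookie, victim_device.sign(server.challenge(cookie), cookie))
    # Attacker has the cookie but not the key; a key of their own does not help.
    attacker_device = Device()
    hijack = server.handle(cookie, attacker_device.sign(server.challenge(cookie), cookie))
    # Attacker presenting only the bare cookie is rejected as well.
    bare = server.handle(cookie)
    return legit, hijack, bare


if __name__ == "__main__":
    print("plain cookie replay ->", demo_plain_cookie_replay())
    print("device-bound (legit, attacker, bare) ->", demo_device_bound_replay())
```

The first demo returns the victim's identity for the attacker's request, which is the whole bypass: 2FA protected the login, not the session. In the second, the same stolen cookie yields nothing without the device key, and the server rejects a bare cookie on a bound session instead of falling back to bearer behaviour. A real deployment also needs the server to reject reused nonces and to rotate or revoke sessions on anomalous access, which is the detection side Google describes.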
Google also says that users whose recovery details have been changed can still use their original recovery factors for seven days after the change, provided those factors were set up before the incident. The company also advises users to set up additional measures to keep their accounts safe.
"Our automated account recovery process allows a user to use their original recovery factors for up to 7 days after it changes provided they set them up before the incident. For additional protection, we continue to encourage users to take advantage of security tools, like passkeys and Google’s Security Checkup."