The Booming Underground Market for Bots That Steal Your 2FA Codes

The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. From a report: The call came from PayPal's fraud prevention system. Someone had tried to use my PayPal account to spend $58.82, according to the automated voice on the line. PayPal needed to verify my identity to block the transfer. "In order to secure your account, please enter the code we have sent your mobile device now," the voice said. PayPal sometimes texts users a code in order to protect their account. After entering a string of six digits, the voice said, "Thank you, your account has been secured and this request has been blocked. Don't worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up," the voice said. But this call was actually from a hacker. The fraudster used a type of bot that drastically streamlines the process for hackers to trick victims into giving up their multi-factor authentication codes or one-time passwords (OTPs) for all sorts of services, letting them log in or authorize cash transfers. Various bots target Apple Pay, PayPal, Amazon, Coinbase, and a wide range of specific banks. Whereas fooling victims into handing over a login or verification code previously would often involve the hacker directly conversely with the victim, perhaps pretending to be the victim's bank in a phone call, these increasingly traded bots dramatically lower the barrier of entry for bypassing multi-factor authentication.

Read more of this story at Slashdot.

from Slashdot https://ift.tt/3EL3yhc

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER