article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 331
article thumbnail

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site,[.]com. The Coinbase phishing panel.

Passwords 337

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

So long passwords, thanks for all the phish

Google Security

When you do, Google will not ask for your password or 2-Step Verification (2SV) when you sign in. Passkeys are a more convenient and safer alternative to passwords. Using passwords puts a lot of responsibility on users. Using passwords puts a lot of responsibility on users.

Passwords 111
article thumbnail

Bitwarden password vaults targeted in Google ads phishing attack

Bleeping Computer

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [.]

Phishing 144
article thumbnail

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing 238
article thumbnail

Google adds passkey option to replace passwords on Gmail and other account services

Tech Republic Security

Storing passkeys directly on devices will cut down on successful phishing, Google suggests. Is it the beginning of the end for passwords? The post Google adds passkey option to replace passwords on Gmail and other account services appeared first on TechRepublic.

Passwords 176
article thumbnail

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 324