How they bypassed Mike's 2 factor Authentication

Mike, a senior executive had 2-factor authentication enabled on his office365 account, so the attacker needed the verification code to take over Mike’s account. So he texted Mike a fake enrollment notification. In this example, the attacker used an Employee Emergency Notification Service, however, it could have been to any other service that the company uses (That’s why we should share less about what apps we are using).

To make it look legit, the attacker gave Mike the option to click YES or NO. It made Mike feel like he was in control and significantly increased the chances that he would continue.


Screen Shot 2021-07-27 at 11.48.45 AM

The attacker most likely hit “forgot password” and a code was sent to Mike. In any case, Mike doesn’t suspect that the code he received is due to a login attempt or reset password, and thinks he is sharing it with an automated system.


Screen Shot 2021-07-27 at 11.55.39 AM


Screen Shot 2021-07-27 at 12.00.59 PM

Once Mike shares the code with the attacker, it’s game over and the attacker can take over Mike’s account. At the end the attacker send's Mike a message that he was successfully enrolled in order to close a loop so that Mike won't suspect that anything wrong happened.


Screen Shot 2021-07-27 at 11.59.38 AM



How to avoid this type of attack

1) Don't Automatically trust anyone, including Robots. In Star Wars, Droids weren’t allowed in bars because they monitor everything and can be corrupted. This is where we are today with machines. Never share security codes with anyone - including automated systems that contact you out of the blue.

2) Call and verify with your Admin, Company, or Person, the authenticity of the request.

3) It’s better to use Authenticator Apps (Such as Google or Microsoft Authenticator) or even a hardware security key instead of Text based authentication.
4) Share less! The more an attacker knows about you the easier it is to hack you.
5) Use Wizer CyberSecurity Awareness Program to train your team
Remember, staying safe starts with security awareness. For more videos like this register free to our free cyber security awareness video