How hackers bypass Google’s Two-Factor Authentication

27 June 2016

New trick gets users to reveal their codes


Hackers are employing a new strategy to trick users into disclosing their authentication codes.

According to a report by security news website TechWorm, Gmail accounts have been hacked despite the user having enabled the Google 2FA, or two-factor authentication. This is because hackers are employing a new strategy to lure users into handing over the 2FA code.

A new trick by hackers is making people disclose the codes to their accounts, by making them think they are actually protecting them.

Two-factor authentication (referred 2FA) is an important safety measure in online services, from banks to Google, Facebook, and government agencies. When a user logs in they also need to enter a verification code or even the correct password will be blocked by the system.

Alex MacCaw, co-founder of, recently tweeted out the image of an SMS message he received on Twitter. The anonymous attacker, posing as Google’s SMS messaging, sent the following:

“(Google™ Notification) We recently noticed a suspicious sign-in attempt to from IP address (Vacaville, CA). If you did not sign-in from this location and would like to lock your account temporarily, please reply to this alert with the 6-digit verification code you will receive momentarily. If you did authorize this sign-in attempt, please ignore this alert.”

The criminals were attempting to access MacCaw’s account by getting him to send them the 2FA verification code. Once they had the code they planned to enter it in the login page and access his account, with his help.

Thankfully, MacCaw was able to detect the scam. However, if you are a Gmail user, you should take precautions and not fall for these new tricks being used by hackers to gain access into your Gmail and Google accounts.

To read the report in full visit


Contact us for more information

<< Back to Latest News items