cont'd
3. Do not trivialize unusual email requests to simply 'someone messing around with an old account on an unimportant site' even if it doesn't appear to be directly related to crypto. You should immediately be on high alert.
Be careful friends. And reminder to not get complacent or lazy, use hardware wallets for larger funds, and use segregated devices for your large scale #crypto . Thankfully my hardware wallets are uncompromised, but this still did some damage, and is especially painful due to how this could've been easily avoided + it was mostly stables.
Make sure to walk out of the casino when the degeneracy stops, but also make sure to not get robbed in the parking lot.
LIVEkaymyg
--
cont'd
Update on the #hack theft and additional opsec lessons learned:
I have now further confirmed the #2FA bypass attack vector was a man in the middle attack. I had received an email from Indeed job search platform informing me that they received a request to delete my account within 14 days. I was in bed at the time and was doing it from my phone via the mobile Gmail app.
I hadn't used Indeed forever and don't care for it but obviously I thought it was unusual, as I didn't make such a request. Out of security precaution, I wanted to know who made such a request and wanted to check if Indeed had access logs, so I tapped it on my phone.
Because I didn't use Indeed forever, I didn't remember my password so naturally I chose Sign in with Google. It took me to Indeed and I couldn't find a request log. Because I knew my old logins were already on the darkweb I figured someone must've got into my Indeed, and so I proceeded to enable 2FA.
Honestly I didn't care much for Indeed even if it did get deleted, and thought it was just some small time hobby hacker messing around with an old login from some old exposed database leak.
Turns out the Indeed email was a #spoofed phishing attack. The Indeed link I tapped in the Gmail app, was a scripted South Korean web link, which in turn routed me to some fake Indeed site, which captured my Sign in With Google, then routed me to the real Indeed site. They hijacked the session cookie enabling them to bypass 2FA, then accessed my Google account and abusing browser sync.
Further general opsec lessons learned:
1. Mobile Gmail app will not show the sender's true email or link URLs by default, which is a big opsec flaw. Refrain from tapping mobile links in your mobile email client.
2. Refrain from using Sign In With Google or other #oAuth features. The convenience is not worth it due to ease of phishing attacks to bypass 2FA. Even if it may not be due clicking a phishing link, a regular website could be compromised at no fault of your own. The expectations of 2FA security let my guard down.
Update on the #hack theft and additional opsec lessons learned:
I have now further confirmed the #2FA bypass attack vector was a man in the middle attack. I had received an email from Indeed job search platform informing me that they received a request to delete my account within 14 days. I was in bed at the time and was doing it from my phone via the mobile Gmail app.
I hadn't used Indeed forever and don't care for it but obviously I thought it was unusual, as I didn't make such a request. Out of security precaution, I wanted to know who made such a request and wanted to check if Indeed had access logs, so I tapped it on my phone.
Because I didn't use Indeed forever, I didn't remember my password so naturally I chose Sign in with Google. It took me to Indeed and I couldn't find a request log. Because I knew my old logins were already on the darkweb I figured someone must've got into my Indeed, and so I proceeded to enable 2FA.
Honestly I didn't care much for Indeed even if it did get deleted, and thought it was just some small time hobby hacker messing around with an old login from some old exposed database leak.
Turns out the Indeed email was a #spoofed phishing attack. The Indeed link I tapped in the Gmail app, was a scripted South Korean web link, which in turn routed me to some fake Indeed site, which captured my Sign in With Google, then routed me to the real Indeed site. They hijacked the session cookie enabling them to bypass 2FA, then accessed my Google account and abusing browser sync.
Further general opsec lessons learned:
1. Mobile Gmail app will not show the sender's true email or link URLs by default, which is a big opsec flaw. Refrain from tapping mobile links in your mobile email client.
2. Refrain from using Sign In With Google or other #oAuth features. The convenience is not worth it due to ease of phishing attacks to bypass 2FA. Even if it may not be due clicking a phishing link, a regular website could be compromised at no fault of your own. The expectations of 2FA security let my guard down.
Disclaimer: Includes thrid-party opinions. No financial advice. May include sponsored content. See T&Cs.
Explore the lastest crypto news
⚡️ Be a part of the latests discussions in crypto
💬 Interact with your favorite creators
👍 Enjoy content that interests you
Email / Phone number