Saturday, 28 January 2017

How Hackers Bypass Mobile Verification

Please Note: The purpose of this article is to inform people of how hackers can steal information and to prevent the illegal and criminal use of Penetration Testing Software like redpill Hacker.



Cyber-criminals can install key loggers on your computer to get your login details. Sites that require a more secure form of log-in will send a verification code to the user's mobile phone (SMS - OTP) to prevent this type of attack. It is mostly banks but also other sites (think of Google's two step verification) that uses this method.

So how do hackers get past the mobile verification step?

Easy - The ask the user what the code is! It is called social engineering and this is how it works:

  1. They get information about you - usually everything they need they can get from your facebook account. All they need to get started is your email and phone number.
  2. They then use hacking tools to get your username and password from your computer.
  3. They will then give you a call claiming to be from the company (bank/google/etc) and informing you that they had some problems with users complaining that incorrect verification codes are being sent. They will inform you that they are doing random checks and will ask your permission if they can send you a verification code (giving you the illusion that you are in control). 
  4. When you agree, they log into your site. You will then receive the code and it will all look very legit to you. 
  5. To put you even more at ease they will then read you a code that you need to confirm. When it is wrong (it obviously will be) they will reply "oh no, not another one! What is the code that you received?"
The next text message you will receive from your bank is to inform you that the money was successfully transferred from your account!