Two-factor authentication hack feeds on phony e-mail

[labbe5]

https://techxplore.com/news/2018-05-eas ... phony.html

"The core of the attack comes in a phishing email, in this case, one purportedly sent by LinkedIn, to a member indicating someone is trying to connect with them on that social network," said Doug Olenick, SC Magazine.
The user gets a fake login page. The attack method is described in security parlance as a credentials phishing technique, which requires the use of a typo-squatting domain. The idea is to let the user give away his/her credentials.

One obvious piece of advice, however, was offered and that is to be vigilant about links. Also, a perspective on what two-factor authentication is and isn't is helpful. It is a tighter solution than a basic password only mechanism. It is an extra layer of security.