Smishmash - Text Based 2FA Spoofing Using OSINT, Phishing Techniques and a Burner Phone

Explore a 32-minute Black Hat conference talk that delves into the escalating threat of circumventing text-based two-factor authentication (2FA) in phishing attacks. Learn how researchers Thomas Olofsson and Mikael Byström demonstrate the process of gathering data from publicly available sources to link phone numbers likely used in 2FA systems with leaked email and login credentials. Gain insights into the evolving landscape of data breaches, the increasing vulnerability of phone numbers as attack vectors, and the techniques employed by attackers to bypass 2FA security measures. Understand the implications of this emerging threat and discover potential countermeasures to protect against such sophisticated phishing attempts.