FBI Warning Issued As 2FA Bypass Attacks Surge — Get Prepared
Posted by ClaydisCC@reddit | PrepperIntel | View on Reddit | 119 comments
ProfessionPurple639@reddit
What absolutely sucks is a lot of banks or financial institutions DON'T HAVE OTHER 2FA MEANS OTHER THAN TEXT.
dthj33@reddit
I've said it before: they do this on purpose so they can sell you "identity protection" services.
Flimsy_Breakfast_353@reddit
Ah Trump friendly Russians at it again. outstanding!
krayvyn@reddit
Serious question here, how far do you really have to jump to bring Trump into this?
FYI can't stand him, he's an idiot, and he's on track to ruin our country while making his friends richer.
We should just stop talking about him. Especially when trying to draw a correlation from unrelated issues.
Flimsy_Breakfast_353@reddit
Because Russia has state sanctioned Hackers continually attacking the USA, whether they are training Nigerians or North Koreans. And Trump and Rubio kiss up to the Russians led by Putin. Truth hurts
ReasonablePossum_@reddit
All states have hackers continually attacking everyone. Going further even, good state hackers mask their attacks in a way that no one will ever know they're state hackers......
You really just talk from some random propaganda echo chamber dude, relax and go read a book or something lol
Ricky_Ventura@reddit
Good thing we defunded CISA then, am I right?
ReasonablePossum_@reddit
Not like they couldn't just rebrand or join assigned to another department. Really doubt the talent and capabilities would be let off.
Also there are many branches for cyberwarfare, and doubt most of them are publicly known for security reasons.
aJumboCashew@reddit
I doubt you know what you’re talking about, for security reasons, I can’t tell you why.
ReasonablePossum_@reddit
Ok (:
bostonguy6@reddit
Here’s a truth that hurts: the “Russian Collusion” nonsense was a disinformation campaign necessary because the FBI got caught red handed SPYING on a sitting president. They even got caught by the FISA court lying on sworn statements in order to get the warrants. Once they got caught they needed an excuse so “Russian Collusion” it was.
Mueller never proved collusion because it never existed
thefugue@reddit
The FBI can’t “spy” on government officials.
The FBI is law enforcement and government officials are subject to law.
bostonguy6@reddit
Indeed. They lied to the Foreign Intelligence Surveillance Court, got a warrant, and surveilled Trump while he was the opposition party candidate.
FBI lied on the Woods Procedure certification of the FISA application.
You could look it up. But you won’t.
unsurewhatiteration@reddit
Also Kegbreath stood down Russia-focused counter-cyberwarfare activities.
Weird timing, that.
Livid_Roof5193@reddit
Wasn’t there also an announcement they would back off pursuing scam cyber crimes?
Cro_Nick_Le_Tosh_Ich@reddit
Dude most likely he is a bot. His response was a babbling spit bubble take.
Ricky_Ventura@reddit
No, it's a direct reference to Trump's moves to defund CISA, the agency that monitors and protects our critical infrastructure from cyberattack.
Cro_Nick_Le_Tosh_Ich@reddit
Shut up. Accounts like yours make trump look good; which is sad cause I voted for Momma kamala
Ricky_Ventura@reddit
sonofchocula@reddit
Because Trump ordered the US cyber command to stop defending against Russian hackers back in March and we’ve seen a bunch of fresh attacks since.
Why is Trump allowed to do dumbass shit but not be called out on it?
https://blog.prif.org/en/2025/03/13/us-halts-defensive-cyber-activities-against-russia-a-digital-withdrawal-from-europe/
fattest-fatwa@reddit
Serious answer: not far at all.
https://apnews.com/article/cyber-command-russia-putin-trump-hegseth-c46ef1396e3980071cab81c27e0c0236
msfuturedoc@reddit
I would be more suspicious of the Iranians at the moment, since we sort of went over there and bombed their shit. They have pretty sophisticated hackers that are now pissed off. And yes, the Trump admin did us no favors by defunding CISA to re-route all that money to DHS and then also firing General Timothy D. Haugh who was Commander of US Cyber Command and Director of NSA.
During the various congress committee meetings in recent weeks, all of them have mentioned multiple times that we are vulnerable to cyber attacks in light of these changes and no leadership has made changes to the budget or hired new people. In one committee mtg, one of the republican congressmen spoke incredibly highly of Gen Haugh and said that (and I am paraphrasing), "the best thing that happened to our enemies was him getting fired" because now it was going to be so much easier for them (namely Russia, Iran, and China) to take us down in the cyber realm.
Ricky_Ventura@reddit
Good thing we defunded CISA and ordered them to stand down specifically on Russia in order to bring the invasion of Ukraine to an end.
scrandis@reddit
Someone want to explain this to me like I'm 5?
Kevmandigo@reddit
Text messages (sms) are largely insecure and can be spoofed, meaning the 2FA codes can get intercepted and used by third parties.
0verlordSurgeus@reddit
I don't think that's what the article described - they're using social engineering to get help desk people to add unauthorized devices to MFA and 2FA.
TheDeltaFlight@reddit
How would one protect themselves against this attack? As, it seems, the victim isn't really involved?
Some-User11111111@reddit
It's called, as it's been called for years, reducing your attack vector.
ekkso@reddit
Make your social media accounts as private as possible, and kill or minimize your LinkedIn page information or history in the settings area.
Born_Musician_4289@reddit
Security through obscurity.
ekkso@reddit
I genuinely recommend everybody to hide/disable their LinkedIn, Indeed, etc. profile if you are not actively looking for a job or connection, especially if you work in any IT or Helpdesk field
Only-Donkey-1520@reddit
Honestly that's the worst part, you really can't. Someone went into it in detail on the original thread and the gist is basically you aren't directly involved at all. It's all up to the service provider to hopefully catch.
SeigneurMoutonDeux@reddit
Bingo!
This is FUD. This is nothing new. This is the same thing we've been dealing with for decades. Tell your helpdesk to follow procedures when resetting credentials and everything will be OK.
911ChickenMan@reddit
MGM got "hacked" this way in 2023. The attackers were able to find an executive's birthday on LinkedIn and used that to call the help desk and request a password reset.
Dates of birth should not be considered secret enough to use for a password reset. Also, any password reset should require the employee's manager to sign off on it if they have administrative privileges on the network.
Born_Musician_4289@reddit
Who tf came up with these idiotic verification tools? Your mother's maiden name is also complete garbage, as that can be found for virtually any person who isn't an indigenous person living in the Amazon. Same with the street you grew up on in cases of famous people, and a whole lot of other stuff they use.
I guess it mostly comes from the innocent days when passwords just got you into your DeviantArt account or whatever, and serious shit wasn't really connected to the internet yet.
scenr0@reddit
I guess that's why LinkedIn is a pain in the ass to log into now.
Jakedoesstuff4@reddit
What kind of five year old are you talking to? Explain it like I’m 5 and not a prodigy
Kevmandigo@reddit
It’s 2025. If your 5 year old isn’t informed about encryption and what 2FA even is as a concept…. What even are you doing with your life?
Jakedoesstuff4@reddit
“kids quit touching the damn grass we learning about encryption today”
Syonoq@reddit
*but this is how my stupid ass credit union does 2FA, what should I do?*
PajamaDuelist@reddit
Nothing.
1. That isn’t really what the article is about.
2. Scattered Spider—this cyber criminal gang—targets businesses. Not individuals.
3. Don’t give out a code like that to anyone over the phone. Only type it into wherever you’re supposed to type it.
4. You always have the option to hang up and call back. Get a call from your bank’s fraud department? Tell them you aren’t confident they’re who they say they are and that you’ll be calling back to be safe. Hang up. Look at your debit card. Call that number.
5. Same as #4, but with email. Got an email that looks suspicious, but plausible? Don’t use any links in it. Close the email, go to the relevant site, and log in.
6. Ignore my advice and find someone to explain things if you’re a crypto billionaire, F10 CEO, or holding a nuclear football. Otherwise…this is one thing you really ain’t gotta worry about, mate.
Syonoq@reddit
Appreciate you boss
WorldWarPee@reddit
I called my bank a few weeks ago and was thinking "man, they sound way more confused than usual" when they said they would send an authentication text. The text was the login 2fa text that says "we will never ask for this over the phone".
Hung up and changed my login details immediately, but they tried
RussiaIsBestGreen@reddit
“We’ll never ask for this over the phone, unless we do, which we shouldn’t.” Do you think it was scammers or just the worker being confused about what to do?
WorldWarPee@reddit
I think they were a little too confused to be actual employees, but the number I called should have been a legit one afaik
AlexTaylorAI@reddit
Where did you get the number?
WorldWarPee@reddit
From a legitimate voicemail that they left me. It's possible they said the wrong number, but I don't think I wrote it down wrong. I think I googled the number after the call and it seemed legit on google
Own_Structure7916@reddit
Are you 100% sure the voicemail was legitimate?
WorldWarPee@reddit
Yeah, it was a person I expected calling about something I was waiting for a call for. The number I called didn't have any idea about the person or the topic
AlexTaylorAI@reddit
Never ever trust a number from a voicemail, text, or email.
If they reach out with a fraud alert, I tell them I will call them back, then I go online to the main website and use that number. Or I call the number on the back of the card, or use the number from a mailed statement (but not a mailed letter).
-Germanicus-@reddit
The numbers on the call can be spoofed/faked. If I ever get a call asking for anything too sensitive, I just end the call politely and call the main help number myself.
ThePapaSauce@reddit
Mine does it this way, too. I just will only do it if I’m the one who called them. I’ve never received a call from my CU, but if I did, I would hang up and call them back using the main line I know, then speak to another rep about whatever that issue was.
Syonoq@reddit
but if it's a spoofed line, you won't get the call right?
onionfunyunbunion@reddit
Ohhhhh, you either mean 2 factor authentication, or you mean 2 farts per ass but then I guess that’d be 2F/A.
Akira282@reddit
That's only if you use text messaging and not an authenticator app which is harder to intercept
Blu_Hedgie@reddit
I went through and changed all of my passwords recently and there are still services that only offer sms as a second form of 2fa.
gonyere@reddit
All of my banking apps are this way and it drives me crazy!!
SeigneurMoutonDeux@reddit
One thing to help you sleep at night is that this is a targeted attack (typically towards c-suite or mid-level managers) where they know who they're going after and have other information on them. They're not using this method to go after your bank balance. They don't know who you are and more than likely don't care about you.
No offense. It's just hacking typically goes after the low hanging fruit
gonyere@reddit
I get that. But it's still obnoxious!!
tanksalotfrank@reddit
Or ones that only allow an authenticator app as 2fa IF you first provide a phone number for them to try first.
Big_Fortune_4574@reddit
You can’t intercept an authenticator app as it doesn’t communicate. It’s a very simple time based algorithm that relies on a pre shared key and synchronized clocks.
StuartShlongbottom@reddit
Less than 25% of the apps and logins I use offer this option, much to my chagrin...
JefferyTheQuaxly@reddit
This does seem to be an issue, on the Bitcoin subreddit for example I’ve seen stories of people swear that their account has been hacked without them leaking anything when they had 2fa codes protecting their crypto, as just one example.
scrandis@reddit
Perfect, thanks!
_WeAreFucked_@reddit
Still waiting too.🤣
PajamaDuelist@reddit
2FA/MFA = that thing where you have to put in an additional code from a text message, email, or app like MS Authenticator whenever you log into some online service.
2FA is one of the gold standard practices involved in protecting yourself, or your organization, from getting hacked.
The article primarily describes a cyber criminal hacking group which is able to bypass 2FA. It’s NOT a scenario where they have some magic hacker exploit that puts every single account on the internet at risk, though. They’re bypassing it via “social engineering”—being smooth talkers and calling up a company’s IT help desk and then convincing the technicians to simply disable or reset the 2FA for whatever account they want to log into (for which they’ll have the password, likely purchased or found in a public breach).
They’re also targeting important people—admins, tech staff that may have more permissions than they should, etc.
This is nothing new. It’s mostly a nothing burger, at least as far as this community is concerned because groups like Scattered Spider target businesses, not individuals. This is something that IT professionals should be aware of.
“Ransomware (of businesses) is on the rise again” is really the only thing relevant to most people here.
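For the help-desk reset path described in the comment above, and the manager sign-off suggested earlier in the thread, here is an added detection sketch in Python that is not part of the original thread. The event schema, field names, account names and the 24-hour window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed review window after a help-desk reset

# Constructed audit events; the field names are hypothetical, not a product schema.
EVENTS = [
    {"ts": "2025-05-30T08:00:00", "type": "login_ok", "account": "bob", "device": "dev-b1"},
    {"ts": "2025-06-01T09:00:00", "type": "login_ok", "account": "alice", "device": "dev-a1"},
    {"ts": "2025-06-01T09:30:00", "type": "login_ok", "account": "carol", "device": "dev-c1"},
    # alice: privileged account, reset with no sign-off, unknown device enrolled minutes later
    {"ts": "2025-06-02T14:05:00", "type": "mfa_reset", "account": "alice",
     "actor": "helpdesk-7", "approved_by": None, "privileged": True},
    {"ts": "2025-06-02T14:09:00", "type": "mfa_enroll", "account": "alice", "device": "dev-x9"},
    {"ts": "2025-06-02T14:12:00", "type": "login_ok", "account": "alice", "device": "dev-x9"},
    # bob: privileged account, reset approved, re-enrolls a device already seen on the account
    {"ts": "2025-06-03T10:00:00", "type": "mfa_reset", "account": "bob",
     "actor": "helpdesk-2", "approved_by": "mgr-bob", "privileged": True},
    {"ts": "2025-06-03T10:20:00", "type": "mfa_enroll", "account": "bob", "device": "dev-b1"},
    # carol: ordinary account, new device enrolled three days after the reset
    {"ts": "2025-06-04T08:00:00", "type": "mfa_reset", "account": "carol",
     "actor": "helpdesk-2", "approved_by": None, "privileged": False},
    {"ts": "2025-06-07T08:00:00", "type": "mfa_enroll", "account": "carol", "device": "dev-c2"},
]


def review(events, window=WINDOW):
    """Return (account, finding) pairs for resets that need a second look."""
    known = {}       # account -> devices seen in earlier successful logins
    last_reset = {}  # account -> time of the most recent help-desk reset
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] == "login_ok":
            known.setdefault(acct, set()).add(ev["device"])
        elif ev["type"] == "mfa_reset":
            last_reset[acct] = ts
            # Privileged accounts need a recorded approver before the reset.
            if ev.get("privileged") and not ev.get("approved_by"):
                findings.append((acct, "privileged_reset_without_signoff"))
        elif ev["type"] == "mfa_enroll":
            reset_at = last_reset.get(acct)
            recent = reset_at is not None and ts - reset_at <= window
            # A never-seen device enrolled right after a reset is the pattern to review.
            if recent and ev["device"] not in known.get(acct, set()):
                findings.append((acct, "new_device_after_helpdesk_reset"))
    return findings


if __name__ == "__main__":
    for account, finding in review(EVENTS):
        print(account, finding)
```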
scrandis@reddit
I work in the food industry (corporate level) and we had one of our vendors (UNFI) get hit by ransomware a few weeks ago. They were taken basically out of function for over a week. They're back in normal operations now, but it really fucked a lot of shit up industry wide.
A similar situation happened to my company a year ago.
PajamaDuelist@reddit
Scattered Spider, the group referenced in the OP article, is beginning to hit the US food industry. It’s entirely possible that they were who hacked UNFI this month but UNFI has declined to make public claims of attribution.
If you’re high enough in the food chain to have any impact on IT and security spending you might want to take an extra glance at the requests crossing your desk for the next few months ;)
scrandis@reddit
Yeah, we're seeing a huge increase in phishing tests and various classes
District_Wolverine23@reddit
You have 2 factor on your bank account. I call your bank and say "hey it's scrandis!! I am locked out of my account, can you help me :("
And now it's a game to trick, cajole, threaten or manipulate the help desk person into adding my 2fa device to your account so I can hack your account.
This warning is more for banks to say "hey. Don't let people trick you." And then they put in policies like, when someone calls pretending to be you, they ask questions or have you come in and show id first.
You can protect yourself by using a 2fa app on your phone where you can instead of a phone number (sms is good, phone apps are great) or if you're a big nerd you can buy and use something called a yubikey.
TwistNo4007@reddit
2FA = 2 factor authentication, so like when you log onto your bank and it has to send a code to your email or phone to verify.
scrandis@reddit
Thanks!
Barragin@reddit
We bombed Iran and they are cyber attacking us with help from Russia.
Diligent-Soup-2176@reddit
Soon, FBI implements 2fa attacks against own citizens to carry out the administration’s Kristallnacht level shit. This is just a warning they know how to do it.
raventhrowaway666@reddit
This regime has rolled back cyber security specifically so that americans are more vulnerable than ever before. This is the goal.
ReasonablePossum_@reddit
This isn't new. Has been used for ages, mostly to hack bank accounts with bad security via middle-man attacks.
It's still the same push for biometric pass-keys....
chica771@reddit
What do you mean " bad security via middle man attacks" and what can you do to protect yourself?
ReasonablePossum_@reddit
Set up as many security requirements as you can and don't trust weird messages/calls and emails lol.
Middleman attacks are things like a hacker hacking into your phone company and cloning your number to get a text 2FA, or physically being able to catch the data from you either via malware or sniffing.
chica771@reddit
Thank you so much for taking the time to write this. You've been very helpful
SenorBurns@reddit
Would that include my former bank that, about ten years ago, when I clicked "i forgot my password" button on their website, then sent me my password...in an email...in plaintext?
And when I told them that was, um, unacceptably insecure, they blew me off saying they knew it was really me so that made plaintext okay?
ReasonablePossum_@reddit
yup, stuff like that
Bodomi@reddit
Social engineering and phishing, as ever.
Visual-Plankton9581@reddit
As someone that works in the cyberz, please literally ignore anything written by Davey Winder.
CAB-HH73@reddit
This happened to me as they spoofed AT&T emails and texts. I caught on when I got a message about a password change. So, they didn’t get to complete the account access as I called them out on that and changed my account password thru the app. I usually don’t fall for those scams.
dewdropcat@reddit
So much for every site ever pushing 2FA
FullOnBeliever@reddit
I bought a security key, I don’t know if that’ll even be useful anymore.
buttersofthands@reddit
Anyone here trusting the FBI?
slo1111@reddit
A few prep thoughts:
1. Consider multiple bank accounts so all your $ is not stolen should one get hacked.
2. Password keeper and use it to generate random character unique passwords.
3. When using copy paste of passwords find the method for your OS to delete the clipboard.
4. Never click links or captcha unless you navigated to a url that you confirmed is legit.
5. Get your 2FA in order but realize if you f up #4 and criminals gain access to your 2FA system they will change the password and ice you out.
6. Never click links or talk on fraud calls where parties reach out to you. You can always disconnect, call valid customer service and validate. #6 and #5 are how Coinbase customers have been getting their accounts and funds stolen.
Good luck preppers!
WeeklySoup4065@reddit
I'm still waiting on the shortage of goods at the port this sub promised me would shut this country down by May. Lol, this sub is SO paranoid about everything. It's a disease
GlassAd4132@reddit
The shelves are not full in low income and/or rural communities
Equivalent_Bee6235@reddit
Hey buddy, look at all the prices going up? Sit down and take your meds brospeh.
Go take your hysteric comments to your famil- oh wait I see why you're saying nonsense here. Sorry dude, you're gonna get the same reaction here.
WeeklySoup4065@reddit
Right, right, because prices weren't going up prior to Trump's trade war... 😵💫
NachoAverageTom@reddit
The USD and GDP certainly weren’t going down like they are now… 😵💫
WeeklySoup4065@reddit
My initial comment was about shelves still being stocked despite everyone on here predicting they'd be empty by now, but I must say, I'm VERY impressed by your deflection and complete change of topic
Equivalent_Bee6235@reddit
Prices were actually going down right before Trump took office. There was a mass hysteria during Oct/Nov during Biden right before about bird flu and oil prices which did cause a spike but they dropped lower than those prices by end of Dec during the transition period.
Now that everything from materials, components, fertilizer for crops, various types of oil (seed, gas, olive) all get swept up under these stupid tariffs. They put the prices onto you and me (or businesses like farms for the fertilizer) because corpos and ppl will just increase prices to cut the difference in losses from the government implementing these tariffs; because the only thing tariffs do is RAISE THE PRICE OF IMPORTING THINGS FROM FOREIGN LANDS IN SAID COUNTRY (If you know any functioning human being who owns a business, or worker who deals with importing stock, or even FARMERS, you would know shit is going to get more expensive.)
As for why you aren't seeing it immediately? And or why it's slowly happening? Corporations desperately overstocked when this shitshow started. Come fall when crops are lower than normal bc fertilizer was too expensive, trust me, you'll feel it. But just like every other media manipulation this ironically deep-state government (which says it's exactly AGAINST that.) you'd have forgotten everything by then. Because by that point you will have hundreds more crazy insane news stories to keep you distracted and complicit.
Want another example? Go to Amazon and see how many items now only have X amount remaining on niche items compared to before. I know you won't though.
EckimusPrime@reddit
It’s a prepper subreddit. You came here expecting a lack of paranoia?
WSBpeon69420@reddit
This is barely a prepper subreddit it’s more fear mongering and collapse porn
BILLIONAIRE_JESUS@reddit
WSBpeon69420@reddit
I said porn
BILLIONAIRE_JESUS@reddit
Yeah, I just added some imagery to that.
WeeklySoup4065@reddit
I didn't come here intentionally. It keeps showing up on my feed. And there's prepping for hurricanes, which is reasonable, and there's this... LOOKING for things to prep for
greyfox199@reddit
hey, the CIA worked hard on some of those paranoia posts!
GlassAd4132@reddit
I’m starting to see it, I'm in rural Maine, and I’m not seeing the same availability as I did a year ago. Prices are going up too, slowly right now, but they’re going up
LossPreventionGuy@reddit
bag of cherries here in central Florida was $13
cherries! with pits! not even the good cherries!
GlassAd4132@reddit
When this hits, this could be quite bad. Most of America still has inventory, though not in rural or poor communities, but it’s gonna run low in the not so distant future
burgercleaner@reddit
cargo shipping is a quarter before it hits the shelves. that was predicted to be noticeable around back to school time
Cro_Nick_Le_Tosh_Ich@reddit
This sub is a Chinese propaganda piss outlet that's why
kingofthesofas@reddit
Well to be fair that was projected if Trump continued his course of action with trade tariffs and then he folded like a taco and there was still time to get stuff to store shelves. There will probably still be some shortages but less extreme than if he had continued. If those tariffs had stayed in place it would be mass shortages right now.
socialmedia-username@reddit
Is this what affected the Wholefoods supply chain?
iamgrape1119@reddit
what do you mean? What happened with Wholefoods?
socialmedia-username@reddit
A few weeks ago their distributor's system was hacked. I was just wondering if it was related.
https://www.reddit.com/r/PrepperIntel/comments/1l7bwht/unfi_major_food_distributor_hacked_supply_chain/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
PsychologicalLog4179@reddit
They found a hole where the whole used to be.
Reietto@reddit
This is why the first line of defense is just as important as 2FA. Have a strong password. Use a password manager. Generate unique, random, 20+ character passwords for all online accounts.
And, when possible, 2FA with apps like Google/Microsoft authenticator, or better yet, Aegis. Avoid SMS 2FA.
Bassman602@reddit
Good thing the drunkard hegseth had us stand down on Russian cyber crimes
TheDarkClaw@reddit
Would a yubico be better than 2fa text message to reduce something like this
s1gnalZer0@reddit
Yes. Text messages are very not secure.
fruderduck@reddit
Sounds like the mega corporations are going to have issues. Trump and his elite might lose a few nickels?
prykor@reddit
I mean this is only really relevant if you are worried about a company account seeing as the article refers to the vulnerability being social engineering a help desk..
Raddish3030@reddit
Man, it's almost like they forced you into a singular solution and now to "prepare" when that single solution fails.