---
title: "Attack on 2 Factor Authentication Highlights Phishing Protection Needs | Phish Protection"
description: "Attack on 2 Factor Authentication Highlights Phishing Protection Needs: Two factor authentication 2FA is supposed to make logins more secure. Using 2FA."
image: "https://phishprotection.com/og/blog/attack-on-2-factor-authentication-highlights-phishing-protection-needs.png"
canonical: "https://phishprotection.com/blog/attack-on-2-factor-authentication-highlights-phishing-protection-needs/"
---

Quick Answer

Two factor authentication (2FA) is supposed to make logins more secure. Using 2FA requires two private pieces of information to login: your password and one other, typically a code received via text message. \_The challenge is the more secure the approach seemingly is, the less attention you pay while logging in.\_ And therein lies the problem.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fattack-on-2-factor-authentication-highlights-phishing-protection-needs%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Attack%20on%202%20Factor%20Authentication%20Highlights%20Phishing%20Protection%20Needs&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fattack-on-2-factor-authentication-highlights-phishing-protection-needs%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fattack-on-2-factor-authentication-highlights-phishing-protection-needs%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fattack-on-2-factor-authentication-highlights-phishing-protection-needs%2F&title=Attack%20on%202%20Factor%20Authentication%20Highlights%20Phishing%20Protection%20Needs "Share on Reddit") [ ](mailto:?subject=Attack%20on%202%20Factor%20Authentication%20Highlights%20Phishing%20Protection%20Needs&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fattack-on-2-factor-authentication-highlights-phishing-protection-needs%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/01/what-is-phishing-7800.jpg) 

Two factor authentication (2FA) is supposed to make logins more secure. Using 2FA requires two private pieces of information to login: your password and one other, typically a code received via text message. _The challenge is the more secure the approach seemingly is, the less attention you pay while logging in._ And therein lies the problem.

According to[an article on ITPro](https://www.itpro.co.uk/two-factor-authentication-2fa/32689/phishing-tool-that-bypasses-gmail-2fa-released-on-github)this week, “A security researcher has released a tool that can bypass a host of 2FA schemes widely used across platforms such as Gmail and Yahoo.

When deployed, the tool places a server named[\_ Modlishka \_](https://www.theinquirer.net/inquirer/news/3069049/2fa-bypassing-tool-modlishka-is-on-github-for-all-to-use)between a phishing target and a secure platform such as Gmail, which phishing victims unwittingly connect to in order to enter login details. In a hypothetical phishing campaign, a targeted user would encounter a malicious email containing a link to the[ proxy server](https://www.iplocation.net/proxy-server) mimicking a Google login procedure. The user would then enter their username and password, and then the 2FA code, all of which would be collected and held on the proxy server.”

![What is phishing](https://media.mailhop.org/phishprotection/images/2019/01/what-is-phishing-7800.jpg) 

In other words, this [two-factor authentication](https://searchsecurity.techtarget.com/definition/two-factor-authentication) man-in-the-middle attack has the potential to not only steal your password, but your 2FA credentials as well.

> 

It all depends on convincing you that the fake website you’re actually logging into is real.

There’s virtually no chance that a normal user will be able to distinguish the fake website from the real one, and would therefore proceed to login without giving it a second thought. That’s why it’s become imperative to take advantage of existing technology to do the heavy lifting users won’t.

Today there exists inexpensive and easy-to-deploy **cloud-based technology** to protect users from these advanced phishing techniques. They work in the backgr

ound to keep users safe.

The technology used to protect users is called “**real-time link scanning**.” It not only scans emails for [malicious embedded links](https://www.lifewire.com/how-to-test-a-suspicious-link-without-clicking-it-2487171) but more importantly, scans the web pages to which those links point, to see if they’re fake.

Linked-to websites are scanned for:

page size,

domain name,

on-page content, as well as

hidden fields and

JavaScript with injection code.

![What is phishing](https://media.mailhop.org/phishprotection/images/2019/01/what-is-phishing-1113.jpg) 

_The websites are also compared to Fortune 5000 websites_, bank websites and other frequently-used websites. They are checked to ensure that elements have not been copied to look like **clones of authentic sites**. The information is then used to develop a decisioning score as to how likely those elements are to be representative of a malicious website.

With the release of this tool, it’s clear that using [2FA is no longer sufficient](https://www.nytimes.com/2019/01/27/opinion/2fa-cyberattacks-security.html) to protect you from phishing attacks. Users need the protection that only technology can provide. Make sure to get [phishing prevention](/content/phishing-prevention/) to so you can quickly and inexpensively protect yourself and your users from 2FA and many other phishing attacks,

## Topics

[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 14m  12 Real-World Spear Phishing Examples And The Red Flags You Missed  Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[  Foundational 2m  8 million Android users fell prey to SpyLoan malware on Google Play Store  Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[  Foundational 1m  A Big Part of the Phishing Problem is You  Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Attack on 2 Factor Authentication Highlights Phishing Protection Needs","description":"Attack on 2 Factor Authentication Highlights Phishing Protection Needs: Two factor authentication 2FA is supposed to make logins more secure. Using 2FA.","url":"https://phishprotection.com/blog/attack-on-2-factor-authentication-highlights-phishing-protection-needs/","datePublished":"2019-01-11T19:58:27.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-01-11T19:58:27.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/attack-on-2-factor-authentication-highlights-phishing-protection-needs/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":477,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/01/what-is-phishing-7800.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Attack on 2 Factor Authentication Highlights Phishing Protection Needs","item":"https://phishprotection.com/blog/attack-on-2-factor-authentication-highlights-phishing-protection-needs/"}]}
```