Cybersecurity experts are warning all Gmail users about a new hack that defeats two-factor authentication to take over accounts. The hack is called “Astaroth” and it steals forms of identification in real-time, fooling the victim into thinking they’re logged into their account. Victims set off the phishing attack by clicking on a suspicious URL. Simply put, if you're on Gmail, Astaroth puts up a phony Gmail login screen (see below) for the victim to use, allowing the hacker to copy their private information down before passing it on to the real Gmail. The victim also doesn't see any security warnings, so they never know that something is going wrong. The only sure way to dodge the phishing attack is to avoid clicking on the initial suspicious link scammers will send to gain access to your accounts.
