It happens rarely for opportunistic phishing because the economics don't make sense. Why change your code to increase victim yield by 1%? If that number increases, so will attacks. If 1% of users had to type "banana" into a form field, they would also be phished less.
I'm confused, how did they get their existing script? Editing it themselves works too. You agree that SMS-2FA does not require any capability that the attacker has not already demonstrated, or you're saying adding or buying some code is a new capability that attacker won't have?
-
-
I'm referring not to phishing but to password reuse/easy password which is what SMS 2FA helps block. That might be the only point where we disagree. In my world, password reuse/easy-to-guess password are huge vulnerabilites even among highly-motivated at-risk users.
-
Your question seems: is there a sizable group that if, they can't get in via [MYKIDSNAMEBIRTHYEAR] who'll just give up? In my admittedly observational view, yes.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.