How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding

· Apr 11, 2024 at 9:00 AM

In a crude but potentially effective attack, a hacker sends a malicious link which quickly sets up call forwarding for a target’s phone number. The result is the interception of 2FA calls, including for Gmail.

A demonstration video of the attack with two laptops and two pho — Image: Dvuln.

Hackers can automatically have targets setup call forwarding by simply clicking a link and following a prompt, which in turn may let the hackers intercept phone calls and certain two-factor authentication codes, according to a security researcher and 404 Media’s own tests.