People who click on Russian phishing links aren't gonna set up dongles and shit.
It's like some people can't be bothered to read 1 sentence of the OP before hitting 'Reply'
Google on Tuesday rolled out a nasty-complicated but insanely secure version of its Google accounts aimed at "those who need it most," such as journalists, politicians and activists.
Then you can tell me how it could happen.
It's not "widddeeee opennnn" but there's methods people have used successfully.
The most successful, hands-off, no theft required method is by spoofing your cell phone number usually with the help of your wireless provider. For every day schmucks like you and me it's pretty unlikely, but for journalists, politicians, activists, and other prominent people, this is very common. They figure out your wireless provider, contact them, and in most circumstances, the wireless provider is so stupid they send out a new sim card to the hacker. The hacker gets a burner phone, tosses your sim in there, and then tries to login to your account with the username/password that they've obtained earlier. They hit the 2SV (2 step verification) stop sign, and hijack your phone number at that moment, the text goes to them and not you, and they login to your account. By the time you get the notification that your legit phone has been deactivated, they're in there getting your stuff. By the time you can get a backup phone or somehow reach your wireless provider and shut it down, it's been hours. Smart hackers will also setup a new 2Factor number on your gmail so that it's ver ydifficult for you to get your email back over a few days.
Really sophisticated security experts (like, hired by governments) wouldn't want to deactivate your shit... THey'd spoof a sim and try to get two phones going at the same time so that you don't notice anything's wrong. They can also mimic a wireless tower so that your phone connects to them instead of to your provider. Dumb hackers just hijack your number. This was happening last year to a bunch of kinda/sorta prominent YouTubers, which is pretty scary. They're people who aren't famous at all, but their videos get a few thousands hits, and hackers were able to easily hijack their phone numbers and take over their email, bank accounts, and YouTube channels before the people had time to respond. And they're not famous or influential at all, just pretty much random mid-tier YouTubers. So if some putz somewhere is willing to put in a small amount of effort to undermine a relatively unknown celebrity, sophisticated hacking groups who target activists, politicians, and other high worth targets will be much greater.
Random idiots like us are relatively safe from this because it takes a decent amount of effort relative to what someone could get out of it.
