Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I thought some phishing attacks act as a relay or middle-man? I don't know how common that is.


100% correct. You might have 2 factor enabled, so they also need to check that and phish the 2FA code as well. That 2FA code expires quickly, so it needs to be used in real time to get a session.

I'm sure there are some very basic phishing attacks that just save whatever you entered, but... let's avoid trying to come up with "clever hacks" that only lend a false sense of security.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: