
Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat
2022-11-21 22:16

The attackers try out the entered credentials on the legitimate website, which triggers a 2FA code being sent to the victim, who then enters the valid 2FA code on the phishing site.

The threat actors then attempt to use the entered 2FA code to log in to the victim's account as long as they act before the timer runs out.

Regardless of whether a 2FA code works, the researchers say that the scammers trigger the next attack stage, which is to launch on-screen chat support.

In this support chat, the threat actors start a conversation with the targeted victim to keep them around in case different credentials, recovery phrases, or 2FA codes are needed for the threat actors to log in to the account.

For successfully breached accounts, the victim is still engaged with customer support in case they need to confirm fund transfers while the crooks empty their wallets.

Once they gain access to the account or wallet, the threat actors drain it of all funds while still keeping the victim engaged in the support chat.


News URL

https://www.bleepingcomputer.com/news/security/attackers-bypass-coinbase-and-metamask-2fa-via-teamviewer-fake-support-chat/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Teamviewer 2 2 10 2 1 15