Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification, a security process that requires a security code (generally sent via SMS) along with the password in order to log in to a Gmail account.
Here's How the Attack Works
Via Text Messages:
In some cases, the hackers send text messages to their targets. The message appears to come from Google and warns users of an unauthorized attempt to access their Gmail accounts.
The text message is then followed by a carefully crafted email notification, also disguised to appear to be from Google, that redirects victims to a "Password Reset Page" designed to collect the victim's password.
The hackers then, in real time, use the password to log in to the victim's account and trigger the sending of a security code to the target.
Gmail uses this security code for two-factor authentication, which adds an extra layer of security on top of a Gmail user's password.
After this, the hackers wait for the targeted victim to enter the code, collect it through the bogus website, and then use it to take control of the victim's Gmail account.
Via Phone Call:
In other cases, the hackers contact a target over the phone regarding a fake business proposal that usually promises thousands of dollars.
The fake proposal is then sent to the victim's Gmail account and contains a fake Google Drive link that prompts the victim to log in with their Google credentials as well as the two-factor authentication code, just as in the case of the text messages.
Users fell for the phishing attacks because some hackers pretended to be Reuters journalists who wanted to arrange an interview.
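
A defender-side check for the links these messages carry, as an added example that is not part of the original article: it classifies a URL by its real hostname, so a "Password Reset Page" or "Google Drive" link hosted somewhere other than Google is flagged before anyone types a password or code into it. The trusted domain list, brand words, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only google.com and its subdomains count as genuine.
TRUSTED_DOMAINS = ("google.com",)
BRAND_WORDS = ("google", "gmail")  # brand strings a lookalike host tends to embed


def classify_link(url: str) -> str:
    """Classify a link from a message as 'trusted', 'lookalike' or 'untrusted'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "untrusted"  # malformed URL
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "untrusted"
    # "https://accounts.google.com@other.host/" really points at other.host.
    if parts.username is not None:
        return "lookalike"
    # Non-ASCII or punycode labels can render like a familiar name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    on_trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if on_trusted:
        return "trusted" if parts.scheme == "https" else "untrusted"
    # The brand name appears, but the host is not under a trusted domain.
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "untrusted"


# Constructed sample links (not taken from the reported campaign).
SAMPLES = [
    "https://accounts.google.com/signin/recovery",
    "https://drive.google.com/file/d/EXAMPLE",
    "https://accounts.google.com.reset.example/password",
    "https://accounts.google.com@login.example.net/",
    "https://drive-share.example/doc",
]


def triage(urls):
    """Map each URL to its verdict."""
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {url}")
```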