【Watch Peaky Blinders】

So you've created a strong password,Watch Peaky Blinders kept an eye out for sketchy links, and enabled two-factor authentication — what could possibly go wrong?

Well, it turns out the answer is "you."

SEE ALSO: Here's what we know about alleged NSA leaker Reality Leigh Winner

As the leaked NSA report on Russian efforts to hack the computers of U.S. election officials before the 2016 presidential election demonstrates, we are all often our own biggest security weakness. The document, published by The Intercept, shows that hackers found a way around the protections offered by two-factor authentication that is striking in its simplicity: They asked the targets for their verification codes.

"If the victim had previously enabled two-factor authentication (2FA)," explains a slide detailing the Russian attack, "the actor-controlled website would further prompt the victim to provide their phone number and their legitimate Google verification code that was sent to their phone."

To translate, after tricking victims into entering their email and password into a fake Google site, the hackers found that some victims had 2FA set up on their accounts. This meant that even with the password, hackers were unable to gain access to the Gmail accounts in question — that is, unless they could get the verification codes as well.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

So, again, they just straight up asked for them.

Original image has been replaced. Credit: Mashable

"Once the victim supplied this information to the actor-controlled website, it would be relayed to a legitimate Google service, but only after [redacted] actors had successfully obtained the victim's password (and if two-factor, phone number and Google verification code) associated with that specific email account."

Basically, the hackers were able to bypass the email security measures by requesting that the victims give them the keys to the digital castle.

Once access was gained to the accounts, which reportedly belonged to an electronic-voting vendor, the hackers would then email election officials from the hacked accounts and attempt to trick those same officials into opening script-laden Word docs that would compromise their computers.

It's an elaborate bit of spear phishing, and it reminds us that no matter what digital security practices we put in place, we can all still slip up.

In the face of everyday online threats, the best defense (other than setting up 2FA — which you should definitely still do) might be the simplest: exercise caution with every email you receive, and be paranoid as hell.

In the face of skilled Russian hackers? Well, that one's trickier, but maybe start with not handing over your email password, phone number, and 2FA verification code.

---

Featured Video For You

---

Researchers are using sound to levitate objects, and it's changing the medical industry

---

Topics Cybersecurity Elections

• Entertainment
• Games
• Digital Culture
• Deals
• Social Good
• Life
• Tech
• Shopping

• 'The Last of Us' Season 2, episode 5: The spores are here!
• An ad industry group nominated Russia's election hack for all the awards
• I tried living like Tom Brady for a week
• If you want Windows 11 update, you may have to buy a new PC
• How to Squeeze the Most Out of Your iPhone's Battery
• Tom Brady dressed like Inspector Gadget for the Super Bowl
• 'Democracy dies in dankness' according to Trump Jr.
• Michelle Obama gave one little girl's third grade project an A+
• Google Pixel Buds Pro 2: $40 off at Amazon
• Two galaxies create an eye

• Notes on Precocity
• The 11 best and funniest tweets of week, including Kendall Roy, cast iron, and retweets
• Read Our Interviews with Elena Ferrante, Hilary Mantel, Lydia Davis
• Introducing Our New Video Series, “My First Time”
• What Was the College Widow?
• A Brief History of Spacefarers—How We Imagine Our Astronauts
• “Holiday in the Protectorate” and the Ethics of Role
• In Guy Laramée‘s Sculpted Books, the Birds of Brazil
• Dante Is Seven Hundred and Fifty—So Get a Selfie With Him
• Poetry for Robots: Can We Use Verse to Teach Robots to Feel?

• Fyre Festival and Trump’s Language
• Apple Watch Series 7 might get a bigger, flatter screen
• 11 best apps for going on a road trip
• CDC reports flu season is worsening, as 17 more children die
• NYT Connections hints and answers for May 18: Tips to solve 'Connections' #707.
• I tried living like Tom Brady for a week
• TikTok bans searches for Milk Crate Challenge
• ‘What If’ episode 4 shows us what’s at stake with the multiverse
• Amazon Prime Grubhub deal: Save $10 off orders of $20 or more
• Tesla Roadster should come in 2023, Elon Musk says

• Best Garmin deal: Save over $100 on Garmin Forerunner 955
• Audi's Grandsphere concept car is a dreamy autonomous luxury EV
• How climate change impacted Hurricane Ida, according to scientists
• Lorde thanked New Zealand for supporting female musicians by taking out a full
• Every MCU movie villain ranked, from "Iron Man" to "Thunderbolts*"
• The dateable weapons of 'Boyfriend Dungeon', ranked
• Google Calendar to tell you how much time you've wast...err, spent in meetings
• Simple Google Maps tips and tricks that everyone should know
• Apple is actively looking at AI search for Safari
• Fiona the hippo has made her Super Bowl prediction