-
Latest News
- Who sent that email?
- Blue screen – should you be worried?
- New to networking? This book could help
- Is your email thirsty?
- Once More Unto the Breach, Dear Friends
- Why your IT helpdesk could be your Achilles Heel
- Have MFA? There could be a chink in your armour
- Windows 10: so long and thanks for all the fish
- Business Awards – you could be in the pink
- 20 years: where has the time gone?
-
Categories
You have succeeded in finding a parking space, you have the right app installed to make a payment and you click to pay the £1.50 fee, but what’s this? The dreaded request to enter the 6-digit code which will be texted to you – AKA MFA!
MFA stands for Multi Factor Authentication and is a second layer of security designed to protect you if the hackers manage to get their hands on your password. Your heart may sink when you realise you are heading into the MFA process but it can stop you becoming the victim of a seriously expensive crime.
How does it work in practice?
You must have received a fair few dodgy phishing emails in your time. Unfortunately, they can now appear authentic, most probably because they have been sent from within someone else’s hacked account.
Why does a cyber criminal bother sending a phishing email?
The aim is to get you to click on the link or attachment which will then require you to enter your password to *login* to your account to see the message. In reality, you have just handed the hacker the keys to your kingdom. They now have your email address and password and will attempt to get into your account where they will disseminate further phishing emails in your name to your contact list.
Their login attempt will fail, however, if you have MFA in place.
You see, the password alone is no longer enough to gain entry.
Of course, you can help the hackers by letting them know the MFA code too. Surely you have seen warnings plastered all over banking websites telling you never to share your code! And just as you would protect your pin when withdrawing cash from the hole in the wall, make sure that no-one is looking over your shoulder when you look up your MFA code.
It can be a particular problem if your phone has been stolen. Even if they don’t have your mobile passcode, they may be able to view the MFA code on the text preview which pops up as the message comes in.
What’s the harm in being hooked by a phishing email?
It turns out that not all MFAs are born equal.
Microsoft has been phasing out the less secure SMS and voice methods in favour of using an authenticator app. Banks may ask you to use a card reader or gadget to generate the codes.
So, the next time that a request pops up to generate an MFA code, don’t mutter and tut; be thankful that you are winning the fight against Cybercrime.
Share this entry