According to one security expert, Multi-Factor Authentication (MFA) is a good way to protect your electronic accounts, but this does not mean that users can skip the necessary protective measures. MFA is generally stronger than protection based on a single password, since users have to present two or more different items to prove their identity. Roger Grimes, who works on security and data protection at KnowBe4, said in a recent ITWC webinar that users should not trust anyone who claims they cannot be the victim of hacking attacks, as most people are alarmed when they see how easy it is to do. Grimes also pointed out that businesses must train their employees to detect potential hacker scams, even if they use MFA.
How do hackers get past MFA?
Social engineering is responsible for 70-90% of data breaches, and that does not change with MFA, Grimes said. One of the most common attacks is called "network hijacking". In this case, hackers use phishing emails to deceive users, prompting them to sign in to a fake website, and then steal their credentials and their session to access their accounts. Another popular attack uses phishing emails to gain access to users' systems and infect them with a virus. "If the computer has been hacked, the game is over, as hackers will be able to do exactly what users are doing," Grimes said. Last year, a group of hackers stole $100 million in this way.
MFA methods that send verification codes to mobile phones via SMS are also vulnerable. For example, in the "SIM swap" scam, hackers obtain login information via a phishing email or call and then steal the SIM card information. This allows them to receive the SMS verification codes that users have set up and to reset the password of their account. Grimes warned that this happens thousands of times a day. He then stressed that account recovery questions (e.g. a parent's name) are one of the worst forms of authentication and should be removed, as their answers are usually predictable or can be found, 20% of the time, in the personal information that users share on social media. Biometrics used for authentication are also a common target for hackers, given that users' fingerprints are everywhere, and if they are stolen, users will spend a lifetime fearing attack.
How can you protect yourself against MFA attacks?
First, businesses should include MFA attacks in employee security training. Employees need to learn how to detect suspicious links and check whether a URL is legitimate. Although it may be difficult, users should try to avoid SMS-based applications. If they do use them, they should minimize how often they publicly post the phone number they use for account recovery. Users should never trust someone who calls unexpectedly or sends a verification message via SMS. They should also be suspicious if they are asked to send an SMS with a PIN code in reply to a specific SMS. Normally, the password is entered on a website. Also, when asked questions about sensitive and confidential information, users should not tell the truth to anyone. Instead, they should deliberately enter wrong answers and record them or save them in a password manager. Finally, Grimes warns that people need to understand that anything can be "hacked" and that they need to rely more on logic than on multi-factor authentication.
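The URL check recommended above can be partly automated before a link ever reaches an employee. The following is an added example, not part of the article or of Grimes' webinar: it accepts a sign-in link only when its host is on a list of known login hosts, and rejects the common lookalike tricks. The host names, the allowlist and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the sign-in hosts an organisation really uses.
TRUSTED_LOGIN_HOSTS = {"login.example.com", "sso.example.com"}


def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a link that claims to be a sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://trusted-name@other-host/" really goes to other-host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Punycode or non-ASCII labels can render as lookalike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible lookalike"
    # Exact match only: "login.example.com.other.test" must not pass.
    if host not in trusted:
        return False, "host not on the trusted list"
    return True, "trusted sign-in host"


# Constructed sample links, as they might appear in a reported email.
SAMPLE_LINKS = [
    "https://login.example.com/signin",
    "https://login.example.com@portal.test/signin",
    "https://login.example.com.portal.test/signin",
    "http://login.example.com/signin",
    "https://xn--lgin-example.test/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_url(link)
        print(("ALLOW " if ok else "BLOCK ") + link + "  (" + reason + ")")
```

A check like this only covers the link itself; it does not help once the computer has been compromised, which is the other attack described above.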