It might sound obvious, but…
…even secure, two-factor-authentication (2FA) logins can be compromised if you simply give your details away!
Of course, you’d never intentionally give your security information away, but consider this scenario:
- Imagine that a hacker has found out your username and password.
- You receive a message informing you that there’s been suspicious activity on your account, and asking you to message back with the verification code sent to you.
- Meanwhile, the hacker has used your username and password to start the login process, which triggers the sending of the verification code to you.
- You reply to the message giving them the verification code.
- The hacker is then able to complete the login process and access your account!
The same sort of technique could be used to get you to give away the code from a 2FA device, such as a YubiKey, or from a 2FA app, such as Google Authenticator or LastPass.
This type of trick is known as “social engineering”, which is the psychological manipulation of people into performing actions or divulging confidential information.
Another trick is to send a user to a fake login page, and capture their username, password and other credentials. These can then be used to access the real site.
Educate yourself and your staff!
Stu Sjouwerman, CEO of KnowBe4, insists that anti-phishing education is deeply important and that a hack like this is impossible to complete if the victim is savvy about security and the dangers of clicking links that arrive in their email inbox.
If you have suspicions about any email, text message, phone call, or any other type of communication, don’t respond to it.
Don’t reply!
Don’t click on links!
Don’t answer questions!
And don’t forget to report suspicious behaviour to ActionFraud.
If you have any concerns or questions about online security, talk to us at datamills (UK) Ltd. We’ll be happy to help with educating your staff, finding security solutions, and giving you the confidence that you’re as well-protected as you need to be.