New phishing technique intercepts two-step verification
New phishing technique intercepts two-step verification
Written by:
Leo Hoogma, 5 June 2024
If you often use two-step verification (2FA) or MFA (Multi Factor Authentication), then you are consciously concerned with online security. But here too, you still have to pay attention! Scammers can easily "catch" your multi-factor authentication codes. We would be happy to tell you more about this.
How can scammers find out your multi-factor authentication?
When you as an unsuspecting user are led to a phishing site, for example via a banner on social media or through a hacked website, you will at first glance see a neat website, for example from a bank , email provider or social media platform. When you enter your user details on this fake site, the data is forwarded by cyber criminals to the real site without you noticing. You will then be asked to complete the TFA step, for example by entering a code or accepting a push notification. This information is also forwarded to the criminals, giving them access to the real site.
Once the criminals have access to an account, they can change settings such as the email address, phone number and password, preventing you from having access, or they can simply empty your bank account. This is why many platforms ask for your PIN or other authentication again when changing important settings.
have you fallen victim to clicking on a phishing link? To compress! But put your shame aside. It is always important to report this quickly to an IT specialist to prevent worse! Read here more about the importance of acting quickly in phishing.
How can you protect yourself against Man in the Middle (MITM) attacks?
Stay alert - Knowing how scammers operate is the first step in avoiding them. Don't blindly trust sponsored search results and if something seems suspicious, it probably is.
Use security software - A security program such as , blocks known phishing sites. Many phishing domains only exist for a short time, a good security program, such as ESET Antivirus & Security, is on top of this.
Use a password manager - Password managers fill a password Don't automatically log into a fake site even if it seems genuine.
Consider passkeys - Multi-factor authentication remains very important and protects against many types of attacks, so keep using it. However, authentication-in-the-middle attacks only work with certain types of MFA, and passkeys will not allow cybercriminals to log into your account this way. Many services have already started using passkeys, and this will undoubtedly continue to evolve.
Use a secure browser - Currently, Brave is one of the most secure browsers available. Advertisements and trackers that endanger your privacy are automatically blocked. Your data will not be stored by third parties and you will be protected against browser fingerprinting.
Need help with internet or email related matters? Go to Hoogma Webdesign
We have more than 20 years of experience in the field of safe internet and email, and we are still learning every day. We are happy to help you find the answer to your questions in this area. Email to support@hoogmawebdesign or call 0597-855758
Would you like to read more blog posts? Go to the page Blog.