There are no silver bullets. No one can guarantee you won’t be hacked, but we can make it harder.
We can reduce your cyber-risk by taking reasonable steps to make it harder to hack you.
The key is to have layers of security, and to keep reviewing the technology in use to ensure it keeps up with a rapidly changing world.
We keep saying that the cyber-protection that seemed excessive a year ago feels inadequate now.
One of the most important protections is multi-factor authentication, “MFA” or “2FA”. We know it’s annoying and intrusive, but highly effective. Nevertheless, it can be defeated.
Here’s one trick to watch out for. Look out for a call from someone claiming to be from your bank or IT department or similar. They might say something like “before I will talk with you, I need you to prove who you are, by giving me your MFA code.” Of course, the second you tell them, they immediately use it and can do whatever they want, from stealing your money, resetting some of your passwords or setting up an impersonation of you.
Here is the sneaky part. The hacker may not even speak the victims language and they don’t want to call them directly, exposing their own phone number. So the hacker purchases a online system for $400 a month. That system uses Interactive Voice Response to call the victim.
Yes, you read that right, robots are stealing MFA codes.
This technique only works if the hacker already somehow has your username and password, AND you tell them your MFA code.
Likewise, always check the website you are logged into – where possible, don’t click on the link in emails but rather type in the URL yourself or use your ‘favourites” list . We have heard of a situation where hackers copied the login page of a well known NZ bank, and tricked users to go to their fake site, and enter their username, password and MFA code.
Luckily KARE for Security can help reduce the risk by checking URLs for you.
It helps to layer security. In this case, using KARE for Security’s web protection checks the URL’s you access against known databases and reduces the risk of accidently accessing a bad website.
For more information, refer to : https://www.techrepublic.com/article/cybercriminals-automated-bot-bypass-2fa