3.23.22

Malicious MFA Bypassing Future Scam

Cybercriminal researchers warn the public about a future scam that bypasses MFA's.

MFA stands for Multi-factor authentication. MFA’s are great to use and have an extra step of security when it comes to login portals. Cybercriminal researchers warn the community that cybercriminals may have found a way to bypass MFA’s and be able to compromise your accounts. This is not a scam yet, but researchers warn it could be.

The way cybercriminals are able to bypass the MFA is by using a noVNC software and a phishing link. The bad guys will send out a phishing email that urges you to take action right away and log into your social media account. If you click on the link it will really take you to a fake login page posing as the real website. Sadly, this fake login page will be on the cybercriminals’ server.

Any information entered on that login page and using your MFA passcode would go straight to the cybercriminals so they could save the credentials for the future.

 Tips:

  • Never click on a link or open an attachment from an email that you weren’t expecting.
  • Be cautious of sense of urgency in emails. These emails are meant to scam you and want you to make an impulse decision or impulse action.
  • Think before you click!
  • Make sure you are always looking out for red flags with MFA’s. Even though they are a great extra security step it is important to be cautious of any red flags that might come up.

Learn more tips like this and train your employees with our Security Awareness Training Program.