Security Tip of the Week – Malicious MFA Bypassing Method

Even though multi-factor authentication (MFA) is a great cybersecurity tool, cybercriminals have found a new method to bypass MFA.


Multi-factor authentication (MFA) is a great way to add an extra layer of security to your login portals. However, clever cybercriminals may use a new method to bypass MFA and compromise your accounts. While cybercriminals haven’t used this method in a real-world scam yet, researchers believe this scam could occur in the future.

In this scam, the cybercriminals use software called noVNC and a simple phishing link to bypass your MFA. The cybercriminals send you a phishing email that tells you to take urgent action and log in to your social media account or a similar website. If you click the link, you’ll be redirected to a fake login page that looks similar to the targeted website. However, this fake login page is actually on the cybercriminals’ server.

If you enter your credentials and MFA passcode on this page, the cybercriminals will be able to log in to your account from their own devices. Then, the cybercriminals can store your credentials for future access to your account.

Follow the tips below to stay safe from these types of scams:

  • Watch out for a sense of urgency in emails or messages that you receive. These types of scams rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting.
  • Remain cautious, even when you’re using additional safety precautions such as MFA. While these precautions are helpful, it’s important to stay alert and look out for red flags.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.

DISCLAIMER: Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.

