Prevent Phishing Scams with Multi Factor Authentication

12 Aug Prevent Phishing Scams with Multi Factor Authentication

Phishing Scams Are on The Rise & Getting Smarter

An increasing number of clients are coming to us about phishing attacks.

Prior to COVID, phishing attacks were rapidly rising with people losing more than $57.8 million in 2019 from phishing.

In March 2020, at the start of the lockdown, attacks had already increased by 350% since the start of the year.

Phishing scams are easier to pull off in times of anxiety and trouble. Combine an atmosphere where people are distracted about health and finances with an environment where they’re more likely to be working remotely from home on insecure personal devices, and you can see why it’s easy for cyber criminals to exploit the situation. 

What is Phishing and How Does it Work?

Many people assume when we talk about cybercrime, we’re referring to hacking. In reality, phishing scams are far more common. Phishing is easier than hacking and is both effective and profitable for scammers. It’s all about persuading unsuspecting people to give over their credentials, for example passwords, or even bank details.  

What Are Common Examples of a Phishing Scam?

Unfortunately, these attacks are getting more sophisticated. Even tech-savvy people are falling for them.

Better branding, higher-quality copy and more realistic looking URLs and email addresses are being used by scammers. They often impersonate trusted establishments. For example, in February, the UN Health Agency reported that phishing emails that appeared to come from WHO (World Health Organisation) were circulating.

Some recent examples we have personally seen from clients are instances where people are unaware their email account has been breached. Scammers then send out a series of “change of bank” alert emails. This can result in a customer paying money into the scammer’s account by mistake. 

Other scenarios might be to simply launch additional phishing attacks from your trusted email. For example, once they have gained access to a client’s email, scammers send out waves of spam emails on certain topics, such as “A document is ready for you on One Drive, please sign in to retrieve it.” The original email can then be sent to all your contacts, and/or the link you trigger is a virus download.

Luckily, there are a number of ways your business can reduce the risk of phishing attacks. One method is via Phishing Simulation training to educate staff, and the other is by implementing multi-factor authentication.

How Can Multi Factor Authentication Protect Your Data from Phishing?

MFA uses two or more credentials to verify a user. As well as a password, there is likely to be a pin sent via text, or other additional security steps.

While staff training is important, people still make mistakes, especially with more staff working remotely, accessing and trying out new software, and attacks becoming more subtle and smart. 

MFA can stop phishing attacks, even if hackers manage to get email and password access. Mobile apps can be used to send push notifications for additional verifications on a separate device so that the scammer won’t be able to see the process through. In this way, they can get locked out of corporate data, even if they have password or credit card details. 

Click here for more information about multi-factor authentication.

If you need help keeping your business data and systems secure, contact us for further information.