Understanding Multi-Factor Authentication (MFA) Requests
Cybersecurity threats are on the rise and new methods of attack continue to surface, making it ever more important that we are diligent in protecting ourselves from unintended harm. Cyber attackers are not only targeting large organizations but individuals like you. These sophisticated attacks can target your bank account, Amazon, other online retail accounts, or any number of services you use.
Multi-Factor Authentication (MFA) is a wonderful method of protecting your accounts. Things like adding a text, call, or a trusted authenticator app to verify you are logging into your account after entering your password is a good example of MFA. It is highly recommended that if you have accounts that are not protected with MFA, enable it where possible. Cyber attackers understand the success MFA has in preventing criminals from accessing accounts, so they have developed methods to trick people into bypassing MFA. Below are some of those methods.
Example 1: Cyber attackers are sending large numbers of MFA requests via text message and/or email to victims until they accept one of the requests allowing the attacker to successfully log in.
How do you protect yourself? Never approve a Multi-Factor Authentication request that you receive via email or text that is not directly related to you logging into your account.
Example 2: Cyber attackers are using fake websites to create a situation where they can capture your login credentials and browser cookies to help bypass MFA. These fake websites may look exactly like your banks website but will have small tells like an incorrect letter in the URL (https://yourbank.com vs HTTP://Y0urbank.com)
How do you protect yourself? Log into your account though your normal methods and do not follow login links from emails or texts. Always be cautious of websites and check to make sure the URL looks correct.
Example 3: Beware of calls from fraudsters pretending to be employees of your bank or other companies asking you to go to a web portal or log into an account.
How do you protect yourself? Emprise Bank will never ask for your password or try to capture MFA info over the phone. If a customer service rep asks for your password, hang up immediately and call a valid phone number.
At Emprise Bank, we understand that the security of your personal and account information is important to you. We also understand that security is a common and legitimate concern with online banking. Fortunately, there are many steps that we can take to protect your private information from being accessed and methods you can use for ensuring your privacy.