Cyber criminals are continually developing effective new phishing campaigns to steal login credentials. With the increased business adoption of hosted email solutions, such as Microsoft Office 365 and Google Gmail for Business, phishing for login credentials has become a significant threat. Email messages that prompt you to login to your email account are common ploys used by hackers, whether prompting to access a secured document, change your password, or verify your license. Clicking on the authentic-looking link in the email message will conveniently bring up a familiar login screen that looks EXACTLY like what you expect, but is HOSTED BY THE HACKER.
When you enter your login name and password, you may receive an error page, while the hacker has just stolen your login name and password to access your account. Once logged in, hackers commonly read the messages in your inbox, seeking contact information and data they can use to exploit you, your coworkers, your company, or your contacts. You won’t even know that the criminal has moved in.
The good news – CREDENTIAL THEFT IS PREVENTABLE! By enabling Multi-Factor Authentication (MFA), the criminal will not be able to login to your account without the second “factor.” There are three common factors that can be used to gain access to a system:
- Something you know – such as a password or passphrase
- Something you have – such as a token or time-based app on a mobile device
- Something you are – such as a fingerprint, retinal scan, or facial recognition (which is gaining adoption)
MFA can be enabled on most Office 365 or Google plans at no additional monthly cost. When enabled, you will be prompted for a second method of authentication after successfully entering your login name and password. The second factor could be a prompt on your registered smart-phone, a six-digit number that you obtain from your smart-phone or FOB, a telephone call, or a text message (while less secure, text verification is still better than no MFA).
Coupled with an effective Security Awareness Program, Multi-Factor Authentication is the best method of minimizing the effects of credential theft. As criminal phishing for login information grows, MFA needs to be used to counter the threat. Please contact us if we can answer questions and assist in configuring MFA to protect your email access.