Online accounts are protected by the three factors of authentication: something you know (like a password), something you have (like a phone), and something you are (like a fingerprint). These factors are designed to keep our accounts secure, but fraudsters constantly find new ways to compromise them.
Something You Know: The Data Breach Bonanza
Fraudsters scoop up usernames and passwords from compromised companies, and they have been doing so since digital passwords were invented.

Fraudsters develop phishing scams to fool users into handing over credentials, making them think they are interacting with legitimate businesses.

And let’s not forget malware. It is estimated that more than 1 billion malware programs are currently in existence (with more created every day), automatically mining and sending information without the user knowing. It's like a digital spy in a computer, stealing information right from under a user's nose.
2022 saw a record 24 billion passwords exposed. - New York State Attorney General
Something You Have: The Social Engineering Shuffle
"Something you have" isn't safe either. Fraudsters use social engineering to convince users (or their cell carrier) to give them access to a phone or SIM card. They might pretend to be from a user's bank or phone company, and before the scam is discovered, they've got control of the accounts. It's like a magic trick, but instead of pulling a rabbit out of a hat, they're pulling money out of the user's bank accounts.
Don't click that link!
Something You Are: The Metadata Mimic
Even "something you are" can be compromised. Fraudsters can't change a fingerprint or a face, but they can mimic metadata. They log into accounts with stolen credentials and make their activity look just like the account owner's. They use the same IP address, the same browser, even the same HTTP referrer. It's like they're wearing a digital mask, and it's good enough to fool even the most sophisticated security systems.
September 2013 - Apple introduces the iPhone 5S with TouchID
September 2013 - Chaos Computer Club bypasses Apple’s TouchID
November 2017 - Apple introduces FaceID on the iPhone X
November 2017 - Vietnamese firm Bkav bypasses Apple’s FaceID
Even one of the largest, most tech-savvy companies in the world isn’t immune to hackers getting past its security measures.
The Bottom Line
The three factors of authentication are supposed to be our digital fortress, but fraudsters are constantly finding new ways to breach the walls. They're clever, they're persistent, and they're agile, always working to stay one step ahead. So, what can be done?
Be aware of the risk wherever you enter passwords
Don’t reuse passwords
Use strong, unique passwords
Regularly scan for viruses
Keep computer software and the operating system updated
Be vigilant about phishing scams
Use multi-factor authentication where it makes sense
Carefully evaluate links before clicking
Don’t assume urgent texts/emails are from legitimate sources
Remember, the three factors of authentication are only as strong as the weakest link. By staying informed and taking precautions, we can make it harder for fraudsters to compromise our accounts and keep our digital lives safe.
Author
For more than 20 years, Georgia-based myNetWatchman has been examining attack traffic and monitoring criminal activity as it happens, even years before a company realizes a data breach has occurred.
This method of “watching” the bad guys means myNetWatchman gives customers access to the earliest detection and highest remediation of compromised logins and account credentials on the market.
Earliest detection on the darknet of the testing, use, or sale of compromised credentials is the most foolproof way to protect against account takeover, Active Directory exploits, ransomware attacks, industrial espionage, and more.