
*Ping*

An email lands in your inbox.

Oh, it’s from one of your clients; you wonder what she wants.

Rather a strange subject, though, and it is requesting that you log in to view the document.

You backtrack – is it definitely from your client?  The address the email has been sent from certainly looks authentic.

Oh-oh, she must have been hacked and the cyber criminal must be busy sending out emails from within her email account at this very moment.

You know that simply replying to the email would be playing into the hacker’s hands – any cyber-criminal worth their salt will have set up forwarding rules so that any concerned responses would be hidden from the hacking victim, often in the deleted items folder.

You therefore decide to pick up the phone and give your client a call.  Oh dear, she is completely unaware of the attack and is a little shocked as she takes great care with suspicious emails and has MFA* in place.  Her IT support team discover that the hacker has logged in from overseas and has managed to send out over 450 emails before they are stopped in their tracks by a password change.  They had indeed redirected responses so that they were invisible to your client as you had suspected.

*MFA (multi-factor authentication) is the extra layer of protection requiring you to enter a code as well as a password to gain access to your accounts.  You can learn more about it here.

THE ELEPHANT IN THE ROOM: how was MFA bypassed?

Assuming that you simply didn’t reveal it directly or had someone peering at your mobile over your shoulder, here are the main ways that MFA protection can be breached:

MFA FATIGUE: basically overwhelming you with MFA requests so that you finally cave in and enter the code.

MAN-IN-THE-MIDDLE: the criminal inserts themselves into the login process with a fake authentication webpage so that you are tricked into divulging your credentials.

TOKEN THEFT: session cookies on your device record that you are already signed in, so that you do not need to re-authenticate in the middle of a session.  Bad actors can steal these session cookies and use them to bypass MFA checks.

The only way to guard against these attacks is to implement high-quality cyber security, ideally with a SOC (security operations centre), as a SOC team reacts immediately to any activity which is outside the norm.
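To make "activity which is outside the norm" concrete, here is the kind of check a SOC could run for the three signs in the story above: an overseas login, a rule hiding replies, and a burst of outgoing mail. This is an added example, not code from the original article; the event fields, the "GB" home country, the "XX" country code and the thresholds are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not any vendor's log schema.
EVENTS = [
    {"t": "2024-05-01T09:00:00", "user": "client@example.com", "type": "login", "country": "GB"},
    {"t": "2024-05-01T13:02:00", "user": "client@example.com", "type": "login", "country": "XX"},
    {"t": "2024-05-01T13:05:00", "user": "client@example.com", "type": "rule_created",
     "action": "move", "target": "Deleted Items"},
    {"t": "2024-05-01T13:10:00", "user": "client@example.com", "type": "send", "recipients": 230},
    {"t": "2024-05-01T13:25:00", "user": "client@example.com", "type": "send", "recipients": 225},
    {"t": "2024-05-01T10:00:00", "user": "colleague@example.com", "type": "login", "country": "GB"},
    {"t": "2024-05-01T10:30:00", "user": "colleague@example.com", "type": "send", "recipients": 3},
]

HIDING_ACTIONS = {"forward", "redirect", "delete"}   # rule actions that divert replies
HIDING_FOLDERS = {"deleted items"}                   # folder named in the article


def triage(events, home_country="GB", send_limit=100, window=timedelta(hours=1)):
    """Return {user: [signals]} for the three signs of takeover in the story."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "t": datetime.fromisoformat(e["t"])})
    signals = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["t"])
        found = []
        # 1. Sign-in from outside the country the user normally works in.
        if any(e["type"] == "login" and e["country"] != home_country for e in evs):
            found.append("foreign_login")
        # 2. New mailbox rule that forwards, deletes or buries incoming replies.
        if any(e["type"] == "rule_created" and (e["action"] in HIDING_ACTIONS
               or e.get("target", "").lower() in HIDING_FOLDERS) for e in evs):
            found.append("reply_hiding_rule")
        # 3. Recipients mailed within any sliding window exceed the limit.
        sends = [e for e in evs if e["type"] == "send"]
        for i, first in enumerate(sends):
            if sum(s["recipients"] for s in sends[i:] if s["t"] - first["t"] <= window) > send_limit:
                found.append("send_burst")
                break
        if found:
            signals[user] = found
    return signals


def likely_takeover(signals, minimum=2):
    """Accounts where several independent signals line up, worth an immediate call."""
    return sorted(u for u, found in signals.items() if len(found) >= minimum)
```

Any one signal can be innocent (a holiday login, a tidy-up rule); it is the combination on one account within a short time that justifies locking the account and phoning the user.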

If you receive an email from a business associate which just doesn’t seem right, be a good friend and give them a call.  They could be completely oblivious to the fact that a cyber-attack is in progress.

For superior cyber security solutions with a SOC, you should, of course, talk to Computer Troubleshooters.