You have succeeded in finding a parking space, you have the right app installed to make a payment and you click to pay the £1.50 fee, but what’s this?  The dreaded request to enter the 6-digit code which will be texted to you – AKA MFA!

MFA stands for Multi-Factor Authentication and is a second layer of security designed to protect you if hackers manage to get their hands on your password.  Your heart may sink when you realise you are heading into the MFA process, but it can stop you becoming the victim of a seriously expensive crime.

How does it work in practice?

You must have received a fair few dodgy phishing emails in your time.  Unfortunately, they can now appear authentic, most probably because they have been sent from within someone else’s hacked account.

Why does a cyber criminal bother sending a phishing email?

The aim is to get you to click on the link or attachment, which will then require you to enter your password to *log in* to your account to see the message.  In reality, you have just handed the hacker the keys to your kingdom.  They now have your email address and password and will attempt to get into your account, where they will disseminate further phishing emails in your name to your contact list.

Their login attempt will fail, however, if you have MFA in place.

You see, the password alone is no longer enough to gain entry.

Of course, you can help the hackers by letting them know the MFA code too.  Surely you have seen warnings plastered all over banking websites telling you never to share your code!  And just as you would protect your PIN when withdrawing cash from the hole in the wall, make sure that no-one is looking over your shoulder when you look up your MFA code.

It can be a particular problem if your phone has been stolen.  Even if the thief doesn’t have your mobile passcode, they may be able to view the MFA code in the text preview which pops up as the message comes in.

What’s the harm in being hooked by a phishing email?

  • The cyber-criminals have access to your contacts. At the very least you will have to report yourself to the ICO (Information Commissioner’s Office) to avoid getting a fine.
  • They will send out emails in your name. Very damaging to your reputation.
  • They could use the opportunity to tell people that you have changed bank accounts or to request additional payments – a definite financial problem.
  • As they could send large volumes of messages, you could find your account being blocked for being a spammer too.

It turns out that not all MFA methods are born equal.

Microsoft has been phasing out the less secure SMS and voice methods in favour of using an authenticator app.  Banks may ask you to use a card reader or gadget to generate the codes.

So, the next time that a request pops up to generate an MFA code, don’t mutter and tut; be thankful that you are winning the fight against cybercrime.