Using MFA, or multi-factor authentication, as a security protocol can potentially save you or your business thousands of dollars in damages caused by phishing attacks and data breaches. Data breaches have cost some of the largest banks and retailers in the country (Capital One and Target, for example) hundreds of millions of dollars, and damaged the companies’ reputations for years to come. Even if you don’t own a business, you can use MFA for your personal devices and accounts to prevent even brute-force attacks.
In this guide, we’ll cover what both phishing and multi-factor authentication actually are, how they work, and why you need MFA to prevent some of the most common cyberattacks. We’ll cover the basics and go in-depth into how MFA might save your business or personal information someday. Ready? Let’s jump in.
What Is Phishing?
According to www.phishing.org, phishing can be defined as the following:
“A cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
Put plainly, phishing is a way to steal your information by luring you (hence why it’s called phishing). You’ve probably gotten a phishing email or two in the past but brushed it off as spam. There’s a difference, however, between spam and phishing. While spam mail is often a legitimate promotion from an actual company, phishing emails use false pretences to obtain your personal information. Phishers are looking to steal from you, and they’re getting better at what they do.
Social Engineering Attacks
You’ve likely heard the term “social engineering attack”. But what is it? A social engineering attack is an attack that involves manipulation based on human emotions. These attacks try to invoke fear most of the time, with someone posing as an official agent of the government or another agency and threatening victims into compliance. This is one of the most sophisticated phishing methods, and, since it involves human emotions, it’s often much more difficult to trace, prevent, and eliminate altogether. A good example of a social engineering attack is the recent wave of IRS scams, where an “IRS agent” calls and threatens victims with jail time unless they pay a specific amount of money right away. For someone who’s unsure how the IRS operates, this can be scary enough for them to comply, often giving away thousands of dollars to someone who might not even be in the same country.
For more information on IRS scams and SS scams, go here.
What Is Multi-Factor Authentication?
Now that we better understand what phishing actually is, let’s take a look at MFA. The National Information Technology Library defines multi-factor authentication as follows:
“A security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.”
You might already have two-factor or multi-factor authentication for some of your credentials. Does your banking app send you a code when you log in from a new device? That’s MFA. How are passwords hacked? By not using MFA. It’s that simple most of the time. Passwords are the first line of defence against cyberattacks, and poor passwords with no MFA are hacked more easily.
How Does It Prevent Phishing Attacks?
By requiring an extra set of credentials from users, MFA is often far more effective at stopping phishing attacks than you’d think. Let’s say a phisher gets ahold of some of your personal information and attempts to log in to your banking app to withdraw money. Instead of just an email and password combo, you have MFA enabled. Now, the phisher needs the code that was sent to either your phone number or email in order to get any further. This serves a two-fold purpose: it can prevent the attacker from getting to your bank accounts, and it can alert you that something is wrong.
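The two-step login described above, sketched as an added example (it is not code from the original article or from any real banking system). The `LoginService` class, the six-digit code, the five-minute lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong codes tolerated per challenge (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _code_hash(code):
    return hashlib.sha256(code.encode()).digest()

class LoginService:
    """Password (something you know) plus a code sent to the owner's phone (something you have)."""

    def __init__(self):
        self.users = {}     # email -> (salt, password hash)
        self.pending = {}   # email -> [code hash, expiry time, attempts left]
        self.outbox = []    # stands in for the SMS/email gateway
        self.alerts = []    # what the real account owner gets to see

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, _pw_hash(password, salt))

    def start_login(self, email, password):
        """Step 1: verify the password, then send a one-time code out of band."""
        salt, stored = self.users.get(email, (b"", b""))
        if not stored or not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[email] = [_code_hash(code), time.time() + CODE_TTL, MAX_ATTEMPTS]
        self.outbox.append((email, code))
        self.alerts.append((email, "sign-in code requested"))
        return True

    def finish_login(self, email, code, now=None):
        """Step 2: grant access only for a fresh, unused, matching code."""
        now = time.time() if now is None else now
        challenge = self.pending.get(email)
        if challenge is None or now > challenge[1]:
            self.pending.pop(email, None)
            return False
        if hmac.compare_digest(challenge[0], _code_hash(code)):
            del self.pending[email]          # codes are single use
            return True
        challenge[2] -= 1
        if challenge[2] <= 0:
            del self.pending[email]          # cap guessing of the 6-digit space
        return False
```

An entry in `alerts` that the owner did not trigger is the warning sign mentioned above: a code you never requested means someone already has your password.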
Why It’s Crucial to Use It
Using MFA is critical for both businesses and personal accounts. A simple two-step process can be enough to thwart a would-be attacker and save your personal or company data. Best of all, MFA is only a minor inconvenience. Sure, you might lose a few seconds during the login process by providing the server with extra information, but those two seconds are worth it to avoid a lifetime of pain from a data breach.
Even as phishing attacks become more sophisticated and successful, MFA remains a viable defence against even the most clever social engineering attacks. It’s important to educate yourself, and your employees if you’re a business owner, about phishing attacks and methods. The more you know about these attacks and defending against them, the better chance you have of not only surviving one but coming out unscathed. Be sure to update passwords and use MFA whenever possible, especially with financial accounts or sensitive data.