Human beings remain one of the greatest threats in information security, whether they are malicious actors or the general unsuspecting public. The latter, which we are in relative control of, are in dire need of cyber awareness.
An acquaintance of mine recently nearly fell for a social engineering attack through a Facebook post by a fake fast food page claiming to offer discounts. The page subsequently sent a message with a malicious link, which redirected to a phishing website designed to steal the victim's card details. However, as a shortcoming on the attacker's end, the SMS containing the OTP displayed the actual (much larger) amount being deducted and showed a completely different beneficiary. The card was promptly blocked.
I believe this is a fantastic real-world example of the importance of multi-factor authentication. The benefits it showcased in this case:
- Multiple levels to confirm the payment details
- Adds more than one layer of security
- Access to only one set of credentials not being enough to compromise the account
- In some cases, it can even help prove the identity of the customer
Cyber awareness and MFA together form a strong first line of defence, and this incident is a clear reminder of why both matter.
Originally published on LinkedIn.