Scammers can easily phish your multi-factor authentication codes – here’s how to avoid it


More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us.

A type of phishing we’re calling authentication-in-the-middle is showing up in online media. While these techniques, named after man-in-the-middle (MitM) attacks, have existed for a while, they appear to be gaining traction now.

Read more…
Source: Malwarebytes labs


Sign up for our Newsletter


Related:

  • Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe

    October 3, 2024

    Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they ...

  • Exotic SambaSpy is now dancing with Italian users

    September 18, 2024

    In May 2024, kaspersky researchers detected a campaign exclusively targeting victims in Italy. They were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This ...

  • Scammers advertise fake AppleCare+ service via GitHub repos

    September 12, 2024

    Malwarebytes Labs researchers uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of ...

  • Stone Wolf employs Meduza Stealer to hack Russian companies

    September 2, 2024

    BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...

  • 85 cyber attacks on Việt Nam’s sites, portals last week

    August 30, 2024

    A total of 85 cases of cyber attacks on Việt Nam’s websites and information portals were reported in the past week, according to the Authority of Information Security (under the Ministry of Information and Communications). Seventy four were phishing attacks and eleven were malware installations. According to the information security authority, attackers have been using malicious ...

  • Deep Analysis of Snake Keylogger’s New Variant

    August 28, 2024

    Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...