Phishing for passwords is a great pastime of any cyber criminal. The conmen already know your username, as that is now your email address. It is the password they covet more than anything. The criminals are getting cleverer, the emails are looking that much more realistic, and the phone calls sound far more real. The days of detecting a "phish" attempt just by the grammar of an email or text message, or the sound of a voice, are rapidly disappearing.
They can gain access to your files, email, social media, hosted systems. Once they get a password, they instantly try to access everything they know of, knowing that as human beings, we have probably used that password more than once.
Two Step Authentication, Multi-Factor Authentication (MFA) and 2FA all amount to the same technique for combating the loss of your password to a fraudster. The solution is fairly simple to explain, but more complicated to set up. Basically, the system you are protecting will only allow you to log in if you can supply something you know, your password, and it then double checks that you are the correct person by utilising something you have, normally your mobile phone.
It is extremely unlikely that a criminal will both be in possession of your password and have your mobile phone (and get through the security of your mobile phone).
The system most of my business customers use is Office 365, mainly for email, but some for SharePoint. My advice, if you also use Office 365, is to get your admin to enable MFA for most of your accounts. It forces each account user to register their mobile phone with their account. When they connect a new device, or after a period of time on an old device, it will utilise MFA and request something from the phone. Microsoft uses either the “Microsoft Authenticator” app, or you can use a text message, where Microsoft will text a temporary code to the phone.
Any and every system should be protected this way. When you speak to the company that supports your system, ask about it. There are so many web-based/cloud systems that need this kind of security, and hopefully we can reduce this kind of fraud.
For personal use, where it is an option, switch it on. If Facebook, Instagram, TikTok, LinkedIn etc. have the option to toggle this 2 Step Security, why not just enable it? Why? Fraudsters like to read and get into the sort of conversations you are having, as the cleverer conmen can then use this to find an angle to get money from someone at some point.