New Phishing Vulnerability Uses Facebook Copyright Violation Threat to Bypass MFA, Hikvision’s Senior Cybersecurity Director Covers this Security Concern
A new phishing vulnerability uses a Facebook copyright violation threat to bypass MFA (multi-factor authentication) and trick users. Hikvision Senior Director of Cybersecurity, Chuck Davis, today covers this new cyber threat.
MFA adds two or more pieces of verifiable evidence, or factors, to the authentication process to greatly reduce security concerns by lowering the chances of an account being accessed by the wrong person. Two-factor authentication (2FA) is a subset of MFA and is a means of authenticating with just two pieces of verifiable evidence or factors.
Facebook Scam Attempts to Bypass MFA
A clever new phishing attack against Facebook members is using the threat of action against copyright violations to trick users into sharing their login information and MFA code.
Naked Security walks through the attack, which starts with an email notifying the victim that there are copyright violations on their Facebook page. The victim is directed to a malicious appeals page that is actually hosted on Facebook.com, rather than on a look-alike domain of the kind that is common with cyberattacks. During the process of filing the appeal, the victim is prompted for their Facebook username and password, and is then prompted for their multi-factor authentication token.
To avoid becoming a victim of this Facebook “copyright violation” cyberattack, check the email sender carefully, and double-check the addresses or links in emails and on pages in social media. You can also follow these seven tips to avoid becoming a victim of a phishing email. These recommendations are from the United States Computer Emergency Readiness Team (US-CERT), and are covered in this Hikvision blog.
- Filter spam.
- Be wary of unsolicited email.
- Treat email attachments with caution.
- Don’t click links in email messages.
- Install antivirus software and keep it up to date.
- Install a personal firewall and keep it up to date.
- Configure your email client for security.
Security Tip: Enable Multi-Factor Authentication (MFA)
As we saw in the Facebook scam above, attackers are targeting multi-factor authentication to gain access to victims’ accounts. But just because attackers are trying to trick users into sharing their MFA codes doesn’t mean you shouldn’t use MFA. In fact, enabling MFA on your accounts is one of the best ways to greatly reduce the likelihood that your accounts will be compromised.
Not all websites and applications support MFA, but many do. To see which sites support MFA and obtain instructions about how to enable MFA, check out the Two Factor Auth List.
To learn more about MFA, read this Hikvision blog: “Using Multi-Factor Authentication (MFA) to Prevent Phishing Hacks & Vulnerability Exploits.”