Phishing remains a significant threat to MFA security. Cybercriminals use deceptive tactics, including fake login pages and websites, to trick users into revealing their account login verification codes. In addition, attackers use regular spam, bombarding users with push notifications until they succumb to the verification of an accidental fake login attempt.
Another way to bypass MFA is SMS verification, which is widely used by many systems. Hackers use tactics such as SIM theft when they install spyware on a victim’s phone to gain access to MFA data, or SIM swapping when they impersonate a user to get a new SIM card and access SMS verification messages.
Session hijacking is a less common but still effective method used by cybercriminals. By hijacking unsafe connections, attackers can steal cookies that store MFA credentials entered during the last active session.
To increase security, it is worth using stronger authentication methods such as biometrics (often used in banking applications for phones). One-time passwords (OTP) can also be used, narrowing the window of opportunity for hackers.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
