You’ve likely heard that using Two Factor Authentication (TFA) is the best way to secure your data and accounts online. The process involves authenticating your identity through a second offline channel, either via text message or authentication app. And with 90 per cent of IT departments implementing two-factor authentication for access to cloud applications including Office 365, it’s almost inevitable in your organization.
But what do you do when cybercriminals try to use this to their advantage?
The latest cyber scheme involves spoofing an email seemingly from Microsoft’s TFA program. The email announces a mandatory enrollment in TFA for the user, and asks them to follow the link to provide their credentials. Once completed, the user has then provided their company login information to the scammer, essentially opening up your business for attack.
It may seem difficult, but there are ways to identify such emails and protect yourself.
As always, if you’re not sure if something is legitimate or not, reach out to your IT department for confirmation. They’ll be able to clarify for you.