Awareness - MFA protects but make sure the site is okay

Awareness - MFA protects but make sure the site is okay

version: 2022-04-14

Introduction

MFA is a good way to protect against hackers, but on Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they're protected with MFA designed to prevent such takeovers.

TL;DR:

  1. Check the site URL is correctly spelled
  2. If need be verify the site by clicking on the lock next to the URL, for myDRE:
    1. Click: Connection is secure
      1. Chrome: Certificate is valid
      2. Edge: icon left of the X
    2. It should display something like
      1. for myDRE.org:
        1. Issued to: mydre.org
        2. Issued by: Go Daddy Secure Certificate Authority - G2

Read the full article:

    • Related Articles

    • Awareness - Malicious code packages in repositories

      Version: 2022-08-16 Introduction anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness ...

    • Awareness - MFA: number matching, location and additional context

      TL;DR: The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatigue attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be ...

    • Awareness - Passwords, Spell Checkers, and MFA

      Introduction We like to make you aware of some of the current security vulnerabilities, what you can do and what anDREa is doing to mitigate the risks. Passwords & Spell Checkers Spell checkers offered by browsers, but also apps like Grammarly, pose ...

    • I forgot my password / MFA on a new phone

      Introduction To be able to log in to myDRE you will need an @mydre.org username, your password and multifactor authentication (MFA). Together, these provide your identity on the platform. However, at some point you might forget your password or you ...

    • Awareness - Convenience & Security

      Introduction - the case of copy-paste: local <-> VM On myDRE you cannot copy-paste text from or into a VM. As a Jupyter Lab user myself (Python) that heavily makes use on Google to find solutions, I do miss this copy-paste option. It would be so much ...