Awareness - MFA protects but make sure the site is okay

Awareness - MFA protects but make sure the site is okay

version: 2022-04-14

Introduction

MFA is a good way to protect against hackers, but on Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they're protected with MFA designed to prevent such takeovers.

TL;DR:

  1. Check the site URL is correctly spelled
  2. If need be verify the site by clicking on the lock next to the URL, for myDRE:
    1. Click: Connection is secure
      1. Chrome: Certificate is valid
      2. Edge: icon left of the X
    2. It should display something like
      1. for myDRE.org:
        1. Issued to: mydre.org
        2. Issued by: Go Daddy Secure Certificate Authority - G2

Read the full article:

    • Related Articles

    • Awareness - Malicious code packages in repositories

      anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness articles from time to time with ...

    • Awareness - Malicious code packages in repositories

      Version: 2022-08-16 Introduction anDREa B.V. takes information security very seriously. We recently engaged in the ISO 27001 certification process. Moreover, we are subscribed to several security news feeds. As a result, we will post awareness ...

    • Awareness - MFA: number matching, location and additional context

      TL;DR: The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatigue attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be ...

    • Awareness - Passwords, Spell Checkers, and MFA

      Introduction We like to make you aware of some of the current security vulnerabilities, what you can do and what anDREa is doing to mitigate the risks. Passwords & Spell Checkers Spell checkers offered by browsers, but also apps like Grammarly, pose ...

    • Awareness - MFA: number matching, location and additional context

      The Microsoft Authenticator app will enforce number matching starting February 27th 2023 in response to MFA fatique attacks. anDREa has already enabled location and additional context, number matching will follow soon. Activation date to be decided, ...