MULTI-FACTOR AUTHENTICATION- Beware of MFA Fatigue Attacks

While Multi-Factor Authentication (MFA) has become a premier tool to protect your accounts from being hacked by a cybercriminal, hackers are trying to find ways to overcome its benefits and use it to enter your accounts.

One typical attack is for a cybercriminal to obtain the ID and password for one of your accounts then try to sign in. If the account is set up with MFA then it will send a code or ask for confirmation to open up the account. If you do not approve the login, the cybercriminal will continue to try to login repeatedly hoping that you will become annoyed or “fatigued” enough to give up and allow the login to continue.

Krebs on Security reports that it has received reports of criminals using this technique with a twist against Apple customers. The cybercriminals will try the classic MFA fatigue attack. But if their victim doesn’t approve a login, they will call the victim up claiming to be from Apple support. They tell the victim that they are under attack and that Apple support needs to “verify” a one-time code. Of course, the code is the standard MFA notification with a code to enter or a selection to approve or disapprove logging in.

The attack on Apple systems may take advantage of bugs unique to Apple. Krebs on Security observes that changing your account phone number to a VOIP phone number might help. Also, using an email alias could also help. See the Krebs on Security article below for details.

If you receive a notice to approve a login and you are not logging into your account, then obviously you should deny the request. Someone is trying to get into your account that you do not want in there. If the notifications are persistent and numerous, after the attack subsides (assuming that it does stop) change the password to your account to another strong password. Changing your password should prevent someone with your old password from trying to login in the near future.

 

Krebs on Security:

https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

 

National Cybersecurity Alliance:

https://staysafeonline.org/resources/multi-factor-authentication/

 

Wikipedia:

https://en.wikipedia.org/wiki/Multi-factor_authentication_fatigue_attack

 

 

VACATION SECURITY- Is It Safe to Use a Room Safe?

Frommer’s, a web site that gives advice about travel locations, methods, and accommodations, recently posted an article about the safety of in room hotel safes.

The article noted videos going around social media showing methods that could be used by a thief to break into these common accessories that are provided by many hotels. In an effort to nail down actual statistics to show how much of a problem theft from in room safes really is, Frommer’s could not find much information from major hotel chains or law enforcement. While Frommer’s did not find much information to document justification of any major trends in the theft of hotel safe contents, it notes that the fear of theft is logical for travelers.

Frommer’s research developed the following recommendations,

·         Place your documents in the hotel safe in the hotel’s office.

·         Many hotel safes have you enter a unique numeric code each time you enter the safe. Be sure not to use an obvious code such as 0000 or 1234. If the safe has a preset code, be sure that it is not a simple code like 1234. If it is, ask hotel management if they can change the code for you.

·         Place an external lock on the safe such as from Milockie (https://www.amazon.com/Milockie-370111-Hotel-Safe-Lock/dp/B0042WWMA8?&linkCode=sl1&tag=pageviewcount-20&linkId=cde22f448fc1ed7924e0127df3ae2594&language=en_US&ref_=as_li_ss_tl). This adds a layer to enter the safe. You can remove the external lock with a code or a key that only you have, then enter the safe with the code that is programmed into the safe’s lock. This way, a third party cannot enter the safe with a house key or code.

·         Take a portable safe with you that can be made of plastic or a soft knife proof material. You can place it in your suitcase while you are away from the room, or you can attach it to an immovable object such as a bed frame with an often-supplied heavy-duty cable and a padlock.

·         Put your valuables in your suitcase and lock it. This assumes that staff will not want to rummage through your dirty laundry to find your valuables.

 

Another recommendation that Frommer’s makes is to take pictures of important documents such as your passport, credit and insurance cards, and your driver’s license then save them to your phone and save copies to your cloud account. That way, if you lose the paper copies you have photocopies that you can show to officials on your phone or if you have lost your phone, you can show them on a laptop or notebook computer.

 

  

 

Frommer’s:

https://www.frommers.com/tips/hotel-news/are-hotel-room-safes-safe-the-surprising-truth-behind-online-fears?utm_medium=flipdigest.ad.20240312&utm_source=email&utm_content=article&utm_campaign=campaign