What to do when receiving unprompted MFA OTP codes

Receiving an unprompted one-time passcode sent as an email or text should be a cause for concern as it likely means your credentials have been stolen.
One of the initial components of a cyberattack is the theft of legitimate credentials to corporate networks and online services.
These credentials can be stolen in phishing attacks, credential stuffing attacks, via information-stealing malware, or social engineering attacks.
The stolen credentials are then used to breach corporate networks for data theft, espionage, and ransomware attacks or to conduct financial fraud in consumers' online retail accounts.
Marketplaces devoted to selling stolen consumer online accounts make financial fraud easy, where threat actors can buy accounts for as little as $1.50 to Amazon, Marriot Bonvoy rewards accounts, Dunkin, Instacart, and many other well-known retail stores.
To better secure your online accounts, many companies offer a security feature called multi-factor authentication, which when configured, requires users to enter an additional form of verification before being allowed to log in to their account.
By using MFA, even if a threat actor successfully obtains your account credentials, they cannot log in without first passing the multi-factor verification prompt, significantly reducing successful account breaches.
This week, both a friend and a family member reached out to me stating that they received a text message from Amazon containing an MFA OTP required to log in to their account.
The text message came from the same number used in previous Amazon texts, contained no links, and simply displayed an OTP used for login.
The only difference is that they had not attempted to log into Amazon, so the OTP was unprompted and unexpected.
This meant someone else attempted to use the person's credentials at Amazon but was stopped by the two-factor verification prompt.
When receiving an unprompted 2FA code, the account holder should assume their credentials were stolen and log directly into Amazon, without clicking on any links in text messages or emails, to change their password.
If that same password is used with any of your other accounts, it should also be changed immediately on those sites.
It is also important to not think that since 2FA protected your account you no longer need to change your password.
This is a false sense of security, as threat actors have figured out ways to bypass MFA in the past, so there is no reason to give them the opportunity to do so with your account.
While SMS and email 2FA provide extra protection to your accounts, they are the most risky MFA method to use.
This is because if someone gains access to your email or phone number, such as through a SIM swapping attack, they'll also have access to your OTP codes.
Discord adds Security Key support for all users to enhance security.
Microsoft Authenticator now blocks suspicious MFA alerts by default.
Okta one-time MFA passcodes exposed in Twilio cyberattack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 17 Dec 2023 21:45:14 +0000


Cyber News related to What to do when receiving unprompted MFA OTP codes

What to do when receiving unprompted MFA OTP codes - Receiving an unprompted one-time passcode sent as an email or text should be a cause for concern as it likely means your credentials have been stolen. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate ...
1 year ago Bleepingcomputer.com
What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
1 year ago Techtarget.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
1 year ago Securityboulevard.com
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
5 months ago Securityboulevard.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
9 months ago Techrepublic.com
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
7 months ago Bleepingcomputer.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
11 months ago Bleepingcomputer.com
Here's How To Steer Clear Of QR Code Hacking - QR codes, present for years and widely embraced during COVID-19, offer great benefits. Cybercriminals exploit them, creating malicious QR codes to unlawfully access your personal and financial data. These tampered codes pose a threat, potentially ...
11 months ago Cysecurity.news
3 main tactics attackers use to bypass MFA - Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in ...
11 months ago Helpnetsecurity.com
Badge Makes Device-Independent Authentication Platform Available - Badge Inc. today announced that a namesake platform that enables end users to securely be authenticated on-demand using any device is now generally available. The company has allied with Okta to provide integration with an identity access management ...
11 months ago Securityboulevard.com
How to Scan a QR Code On iPhone - The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR ...
1 year ago Hackercombat.com
What is a one-time password? Definition from SearchSecurity - A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. An OTP is more secure than a static password, especially a user-created password, ...
11 months ago Techtarget.com
Cisco Duo and ISE: Better together in the cybersecurity battlefield - Luckily for you, Cisco Duo and ISE are the perfect pair to protect your network. Think of Cisco Duo's multi-factor authentication as the added layer of security that verifies a user's identity at the time of login, like a high-tech forcefield that ...
1 year ago Feedpress.me
QR Codes Used in 22% of Phishing Attacks - The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries ...
1 year ago Infosecurity-magazine.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
1 year ago Securityboulevard.com
Exploring The Benefits Of Multi-Factor Authentication For Security - That's why I want to talk about multi-factor authentication benefits, a security protocol that requires multiple methods of verification from independent categories of credentials. Traditional security often hinges on just one factor - something you ...
11 months ago Securityboulevard.com
Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
1 year ago Cysecurity.news
Post-quantum cryptography: Code-based cryptography - One option is to use error correction codes as a cryptographic primitive. The basics Error correction codes are digital codes used to reliably send data through an unreliable channel. In a noisy channel, corruption of some of the bits would yield an ...
5 months ago Redhat.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com
Microsoft will roll out MFA-enforcing policies for admin portal access - Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. The company will also ...
1 year ago Bleepingcomputer.com
CVE-2020-15001 - An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP ...
3 years ago
QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security - Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership. ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)