Multifactor Authentication Fraud
Most online services—like email, shopping, and banking—now ask for more than just a password to confirm your identity. Usually, it’s a combination of:
- Something you know (your password)
- Something you have (a one-time code or token)
- Something you are (like your fingerprint or face)
At UHN, when you’re working remotely, you’ll need MFA to access corporate and clinical applications. While MFA adds an extra layer of security, criminals have found ways to trick users if they’re not careful.
To protect yourself from MFA-related fraud, follow these simple tips below.
Tips to identify and avoid Multifactor Authentication Fraud:
Never share an MFA text or authenticator code: Since most MFA systems require a unique code as the second factor be on the lookout for urgent SMS or email messages asking for a code to validate or unlock your account. The urgency is usually because some codes are only valid for a short time so the attacker will ask for it right away. Treat the code as a password & don’t share it!
Be careful when approving your login: Many online services add an additional verification when login activity is seen from a new workstation or device that is not regularly used. This verification will show up in the form of a login validation asking if the login was indeed from you (see sample below). When you receive these messages only approve the attempts that you know that you made.
Reminder: It Starts with You! Be sure to participate in the quizzes and phishing simulations that will be taking place throughout the month. Not only will these activities serve as a healthy refresher for cyber security awareness – there are also many fabulous prizes to be won!
Reminder: It Starts with You! Be sure to participate in the quizzes and phishing simulations that will be taking place throughout the month. Not only will these activities serve as a healthy refresher for cyber security awareness – there are also many fabulous prizes to be won!