Blog
Topic
All
AIoT
Products and technologies
Industries
All
Logistics
Building
Sustainability
Business trends
Cybersecurity
Events
Trends
Industry News
Company News
Product Announcement
Search blog
Blog
Filter
Cancel
All
AIoT
Products and technologies
Industries
All
Logistics
Building
Sustainability
Business trends
Cybersecurity
Events
Trends
Industry News
Company News
Product Announcement
Reset
Submit

New Phishing Vulnerability Uses Facebook Copyright Violation Threat to Bypass MFA, Hikvision’s Senior Cybersecurity Director Covers this Security Concern 

 

A new phishing vulnerability uses Facebook copyright violation threat to bypass MFA (multi-factor authentication) and trick users. Hikvision Senior Director of Cybersecurity, Chuck Davis, today covers this new cyber threat.  

MFA adds two or more pieces of verifiable evidence or factors to the authentication process to greatly reduce security concerns, by lowering the chances of an account being accessed by the wrong person. Two-factor authentication (2FA) is a subset of MFA and is a means of authenticating with just two pieces of verifiable evidence or factors.

Facebook Scam Attempts to Bypass MFA
A clever new phishing attack against Facebook members is using the threat of action against copyright violations, to trick users into sharing their login information and MFA code.

Naked Security walks through the attack which starts with an email, notifying the victim that there are copyright violations on their Facebook page. The victim is directed to a malicious appeals page that is actually hosted on Facebook.com, rather than a look-alike domain, which is common with cyberattacks. During the process of filing the appeal, the victim is prompted for his or her Facebook username and password, and is then prompted for their multi-factor authentication token.

To prevent becoming a victim to this Facebook “copyright violation” cyberattack, check the email sender carefully, and double check the addresses or links in emails and on pages in social media. You can also follow these seven tips to avoid becoming a victim to a phishing email. These recommendations are from the United States Computer Emergency Readiness Team (US-CERT), and covered in this Hikvision blog.  

 

Security Tip: Enable Multi-Factor Authentication (MFA)
As we saw in the Facebook scam above, attackers are targeting multi-factor authentication to gain access to victim’s accounts. But just because attackers are trying to trick users into sharing their MFA codes, doesn’t mean you shouldn’t use MFA. In fact, enabling MFA on your accounts is one of the best ways to greatly reduce the likelihood that your accounts will be compromised.

Not all websites and applications support MFA, but many do. To see which site support MFA and obtain instructions about how to enable MFA, check out the Two Factor Auth List.

To learn more about MFA, read this Hikvision blog: “Using Multi-Factor Authentication (MFA) to Prevent Phishing Hacks & Vulnerability Exploits.”

Cybersecurity

Subscribe to newsletter

Subscribe to our email newsletter to get the latest, trending content from Hikvision

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

 

Contact Us
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro
back to top

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.