Aussie Hackers steal hundreds of thousands of dollars
A spate of email attacks have reaped hackers hundreds of thousands of dollars when victim’s house deposits were stolen due to compromised email accounts.
How it happens
Have you ever received an message stating your email account is compromised or over quota and then prompting you to sign in to correct the issue?
This is a common form of Phishing attack, designed to farm your credentials and provide access to your email accounts.
The Phishing email looks legitimate, and one click is all it takes to be compromised.
A single careless click by a staff member is all it takes to let them in, so you must have another layer of protection in place.
If your email account credentials are used elsewhere, then those accounts are also compromised.
You may be thinking that they can’t steal your money with your email account, but once in they can steal client confidential data without you knowing.
Do I have to have Multi-Factor Authentication?
In a word, YES!
If your email system is compromised you may be liable for breaching Australian privacy laws and leave yourself open to legal action.
If you haven’t taken reasonable steps to protect your accounts from hackers, you may not have much of a defense and a strong password is not enough.
It’s cheap, its easy and if your hacked without it then you may be in a world of hurt.
What is Multi-Factor Authentication?
Multi-factor authentication (MFA), also called 2-Factor Authentication (2FA) is a system that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions.
How it works
Once set up, any access to your online accounts requires you to enter your password and a 6 digit number from a mobile application on your smart phone.
The 6 digit number changes every 60 seconds, so if your password is compromised, the attack is foiled by the second layer of protection.
Why you need Multi-Factor Authentication
Having this in place is now considered to be a ‘reasonable’ precaution to protect client confidential data.
If your account is compromised and MFA/2FA is not in place, then you have not taken all reasonable steps and so will very likely loose any legal action taken against you.
Cost is small and relatively quick with most sites taking between 15 minutes and 2 hours to complete the setup (depending on the amount of accounts).
If you don’t have Multi Factor Authentication in place, give us a call to discuss your options.
0417 165 335
Links to news articles about the hacks: