Toggle navigation
Additional Navigation

National Cybersecurity Awareness Month: Multi-factor authentication fraud

As part of National Cybersecurity Awareness Month (NCSAM), Campus Technology Services (CTS) is focusing this week on multi-factor authentication (MFA) Fraud. MFA is an excellent tool used to protect accounts from compromise, but like with passphrases, malicious actors try to find ways to circumvent MFA in an attempt to access accounts. By keeping the following things in mind you can help protect your account from MFA fraud:

  1. Don’t share MFA codes: If the MFA method you are using is reliant on entering a code after you first authenticate, only enter the code on the website/app the account is related to. Always verify that you are on the real website or using the services’ official app. If a malicious actor gains access to your current MFA code, they can use it to try and generate more codes that will allow access to your account.

  2. Be vigilant with authentication requests: Some MFA methods utilize a push notification to your device that will ask you if you want to approve or deny the request. Always ask yourself why you would be receiving the request. Is this something you are trying to access? If you don’t know why you are receiving the request, always deny it and change your account passphrase immediately as it may be compromised, and report what happened to the CTS Help Desk immediately.

  3. Malicious actors will ask for access: If you are ever contacted by someone via email or text message asking you to provide a MFA code or approve a MFA request on your phone immediately, treat it with suspicion. This is a common method malicious actors will use to access your account if they already have your credentials and realize you have MFA enabled. If this happens to you, disengage with the individual contacting you and change your passphrase immediately.

By following these guidelines and tips you can help prevent MFA fraud from happening to you. If you believe you are being targeted by MFA fraud or have provided your MFA information to someone you didn’t recognize, contact CTS immediately for assistance by submitting a ticket via email at help@oswego.edu or calling (315) 312-3456 during business hours.

-- Submitted by Campus Technology Services