Authentication fraud – are your precautionary measures strong enough?

February 26th, 2025.

Authentication fraud is becoming an increasingly significant threat to both people and businesses. With this type of fraud, cybercriminals aim to exploit weaknesses in authentication processes or human nature to access personal information. Understanding how authentication fraud works and how to protect yourself is essential for safeguarding your personal and financial data.

What is authentication fraud?

Authentication fraud involves the manipulation or bypassing of authentication mechanisms to gain unauthorised access to systems, accounts, or data. This can include stealing passwords, exploiting vulnerabilities in multi-factor authentication (MFA), or using social engineering tactics to trick individuals into revealing their credentials.

Common examples of authentication fraud include:

1. Phishing attacks (email): Phishing is one of the most common methods used by fraudsters. They will send deceptive emails that appear to be from legitimate sources, prompting their victims to enter their login credentials on fake websites. Once the information is entered, it is captured by the fraudsters.

2. Smishing attacks (SMS text): Smishing is similar to phishing, but instead uses SMS text messages to trick someone into revealing their personal information or authentication codes.

3. Vishing attacks (voice): Voice call frauds can also be used to bypass authentication measures.

An example of this is when a fraudster calls a client pretending to be their bank and tells them that their account is compromised. The client is then told that they will be passed through to a Voice ID line to complete further security checks, which will enable the account to be secured and the investigation to be completed. The fraudster then initiates a conference call to the bank and remains silent while the client passes Voice ID verification. The fraudster then disconnects the client from the call and is transferred to the genuine bank colleague. Following the Voice ID verification, the fraudster, posing as the client, is able to access the client’s accounts.

4. Man-in-the-Middle (MitM) attacks: In these attacks, cybercriminals intercept communication between two parties to steal sensitive information or initiate a fraudulent transaction once authentication has taken place.

For example, they might set up a server that links to a legitimate website and send a phishing email to an individual. The link in the email routes the user via the malicious server so the fraudster can capture the login details as well as the authentication information.

5. Credential stuffing: This involves using stolen usernames and passwords, often from a data breach, to gain access to a person’s other accounts. Since many people reuse passwords across different sites, this method can be highly effective.

6. SIM swapping: Fraudsters can trick mobile phone companies into transferring a victim’s phone number to a new SIM card. This allows them to gain access to accounts that use phone numbers for verification.

Tips to avoid becoming a victim of authentication fraud:

1. Use strong, unique passwords: Avoid using easily guessable passwords and never reuse passwords across multiple accounts. Consider using a password manager to generate and store complex passwords securely.

2. Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or an authentication app. This makes it harder for fraudsters to gain access even if they have your password.

3. Be wary of phishing or smishing attempts: Always verify the source of emails or messages before clicking on links, providing One Time Passcodes (OTP) or entering personal information. Look for signs of phishing, such as misspelled URLs, generic greetings, and urgent language.

4. Be wary of vishing attempts: If you receive an unexpected call from your bank regarding unusual activity or a security concern on your account, hang up and call them back on the number you would usually use.

5. Monitor your accounts regularly: Keep an eye on your financial and online accounts for any suspicious activity. Set up alerts for unusual transactions or login attempts.

6. Use security software: Install and regularly update security software on your devices to protect against malware and phishing attacks. Many security programs can block known phishing sites and alert you to potential threats.

7. Educate yourself and your family: Stay informed about the latest fraud tactics and share this knowledge with friends and family. Awareness is a powerful tool in preventing fraud.

8. Consider passkeys: Passkeys are a more secure alternative to traditional passwords and MFA. They use cryptographic keys that are stored on your device, making it nearly impossible for fraudsters to intercept or steal them.
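
The following is an added example, not part of the original article or any bank's code: a simplified Node.js model of the checks a site runs on a passkey (WebAuthn) login, showing why the relayed login described under Man-in-the-Middle attacks above fails when a passkey is used. The two origins, the function names and the reduced authenticator data are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

const RP_ORIGIN = "https://bank.example";          // constructed: the genuine site
const PROXY_ORIGIN = "https://bank-login.example"; // constructed: relay / lookalike site

// Registration: the key pair is created on the device; the site keeps only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Device side. The browser, not the page, records which origin asked for the login.
function signAssertion(challenge, originSeenByBrowser) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: originSeenByBrowser,
  }));
  // Simplification: authenticator data is reduced to the hash of the site's host name.
  const authData = sha256(new URL(originSeenByBrowser).hostname);
  const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Site side: every check must pass before the login is accepted.
function verifyAssertion(assertion, expectedChallenge) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "reject: wrong type";
  if (clientData.challenge !== expectedChallenge.toString("base64url")) return "reject: challenge mismatch";
  if (clientData.origin !== RP_ORIGIN) return "reject: origin mismatch";
  if (!assertion.authData.equals(sha256(new URL(RP_ORIGIN).hostname))) return "reject: site id mismatch";
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, assertion.signature) ? "accept" : "reject: bad signature";
}

function runScenarios() {
  const challenge = crypto.randomBytes(32);
  const direct = verifyAssertion(signAssertion(challenge, RP_ORIGIN), challenge);
  // Victim is on the relay site: the browser writes the relay's origin into the signed data.
  const relayedAssertion = signAssertion(challenge, PROXY_ORIGIN);
  const relayed = verifyAssertion(relayedAssertion, challenge);
  // Relay swaps in genuine-looking fields (public data, rebuilt here with the helper for
  // brevity) but can only attach the signature it captured, which does not cover them.
  const rewrittenFields = { ...signAssertion(challenge, RP_ORIGIN), signature: relayedAssertion.signature };
  const rewritten = verifyAssertion(rewrittenFields, challenge);
  // An assertion captured earlier is useless against a fresh challenge.
  const replayed = verifyAssertion(signAssertion(challenge, RP_ORIGIN), crypto.randomBytes(32));
  return { direct, relayed, rewritten, replayed };
}

console.log(runScenarios());
```

Unlike a one-time passcode, which is valid wherever it is typed, the signed response is tied to the site the browser was actually on and to a single challenge, so there is nothing reusable for a relay to pass along.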

Authentication fraud is a growing concern in our increasingly digital world. By understanding the common methods used by fraudsters and implementing robust security practices, you can significantly reduce your risk of falling victim to these attacks. With suitable precautions, you can protect your personal and financial information from authentication fraud.

Think you’ve fallen victim to an authentication fraud?
Any Nedbank Private Wealth client who thinks they may have fallen victim to fraud should contact us on +44 (0)1624 645000 between Monday and Friday, 8am to 8pm (UK time), except for UK public holidays.

For all other times, please call +44 (0)20 8167 3223.
