This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story
 

08/13/2020

Business Email Compromise Attacks Involving MFA Bypass Increase

Dark Reading

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.

Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

In these attacks, a threat actor who might have obtained the username and password to an MFA-protected email account — via a paste site, for instance — would access the account by signing in from a legacy app that does not enforce MFA. One example is an email client like MailBird, which allows Gmail to be set up via IMAP, says Erin Lundert, data scientist at Abnormal Security.

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information