As more commercial activities take place during the pandemic, it is not surprising that cybercriminals would cash in on this trend with aggressive and targeted tactics that can trick even the most tech-savvy individual.
Once criminals get a hold of their target’s credentials, they are free to access and steal assets. In many cases, victims end up with irretrievable losses.
Countering cybercriminals is increasingly challenging for centralised institutions looking after the data of millions of users. With the rapid advancement of technologies, cybercriminals continue to find security loopholes that allow them to skirt additional security features like one-time passwords (OTPs). In the most recent case, cyber thieves reportedly cloned a bank’s sender IDs and sought account holders’ credentials in the same messaging threads, enabling access to bank accounts.
UKISS Technology believes that individuals can better protect themselves from threats like phishing scams by taking on a dual approach that meets both what-you-know and what-you-have requirements.
What-you-know information may include names, email addresses, passwords, and credit card information, while what-you-have may refer to biometric information (e.g., facial recognition or thumbprint) or a physical authentication device.
Through this dual approach, cybercriminals who phished passwords or credit card details from their targets will still fail to access assets as they do not possess the owner’s face, thumbprint or hardware device to complete the authentication.
In the future, individuals and organisations may also want to consider adopting the self-sovereign identity approach to digital security, particularly in the use of decentralised identifiers in two-factor authentication processes.
It is time to take charge of your digital security with multiple layers of protection.