Defeating Multi-factor Authentication through a Simple Phishing Email.

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Phishing

"You know, we are protected against phishing because we have implemented multi-factor authentication." This phrase, we have heard it too many times.

As you know, at Arsen we are very committed to raising awareness among employees about cybersecurity.

Where a trained and aware employee is an active defense for the company, an untrained person represents a real danger.

Indeed, a user who has not been properly prepared is a weak link that can be exploited and can bypass the tools and technical protections in place.

In this article, I will show you in a video how from a simple phishing email, we can bypass multi-factor authentication, also known as MFA or 2FA.

Demonstration

Conclusion

As you have understood, 2FA is not a miracle solution that will solve all your identification problems.

It is a good practice that allows for better control over identity and will likely deter or prevent certain attacks.

However, a motivated and skilled cybercriminal will be able to bypass this type of protection if your employees are not properly trained and aware.

Don't miss an article

No spam, ever. We'll never share your email address and you can opt out at any time.