Latest news with #2FA
Forbes
16 hours ago
- Forbes
FBI Warns iPhone And Android Users—Do Not Share These Texts
Do not make this mistake on your phone. Republished on July 29 with new text attack warnings for smartphones users. The FBI warns that 'malicious actors' continue to send fraudulent texts and voice messages to 'gain access to personal accounts.' Do not reply to messages unless you recognize the sender's number. But there's more you must do to safeguard accounts. America is under attack from a malicious texting industry sending out billions of messages. Whether undelivered packages, unpaid tolls and DMV fines or Amazon refunds, the objective is to steal your data, your money, even your identity. But sometimes even legitimate texts can be dangerous. We're talking two-factor authentication (2FA), which the bureau says you should set up 'on any account that allows it,' and should 'never disable.' But most 2FA codes are delivered by text. And the problem with texts is that you can send them on to others. Never do that, the FBI warns — regardless of who's asking. 'Actors may use social engineering techniques to convince you to disclose a 2FA code,' the bureau says in an advisory reshared this week. Doing so lets attackers 'compromise and take over accounts.' Even if the request comes from someone you know, 'never provide a two-factor code to anyone over email, SMS/MMS or encrypted messaging.' ESET's Jake Moore warns the same. 'Scammers often trick people into revealing them to bypass security checks and take control so even if someone claims to be from your bank, trusted company or even a family member, keep OTPs to yourself.' This all sounds very basic. But if an attacker hijacks one of your friend's messaging accounts, they can pretend to be your friend and ask you to send a code, telling you their phone is not working. The scam is remarkably effective. While you should never share OTP text messages, you can better protect yourself if you stop using them altogether. Use an authenticator app, or better still use a passkey. This links your account to your physical device, making it impossible to steal and use a code. Shifting from SMS to authenticator apps or passkeys is critical now SMS interception and bypass is more common. Per Cybersecurity News, 'criminal enterprises no longer require extensive technical expertise to deploy advanced mobile threats, as ready-to-use malware kits are now available for subscription fees as low as $300 per month.' Banks in Australia and UAE are already calling time on SMS 2FA codes, and you should now do the same. But if you are using those codes, it's even more critical that you never share them, regardless of who is who's asking and the reason they're giving. While SMS persists, Cybersecurity News warns of a 'fundamental shift toward industrialized cybercrime, where specialized providers handle technical complexities while criminal customers focus solely on victim targeting and monetization strategies.' This isn't new. Per one warning from 2021, while 'figures suggest users who enabled 2FA ended up blocking about 99.9% of automated attacks, as with any good cybersecurity solution, attackers can quickly come up with ways to circumvent it. They can bypass 2FA through the one-time codes sent as an SMS to a user's smartphone.'
Forbes
a day ago
- Forbes
FBI Warns All Smartphone Users—Never Send These Texts
Do not make this mistake on your phone. The FBI warns that 'malicious actors' continue to send fraudulent texts and voice messages to 'gain access to personal accounts.' All smartphone users have been told not to reply to messages unless they recognize the sender's number or email address. But the bureau has also issued advice for citizens to stop accounts being hijacked. This relates to text messages. America is under attack from a malicious texting industry sending out billions of messages. Whether undelivered packages, unpaid tolls and DMV fines or Amazon refunds, the objective is to steal your data, your money, even your identity. But sometimes even legitimate texts can be dangerous. We're talking two-factor authentication (2FA), which the bureau says you should set up 'on any account that allows it,' and should 'never disable.' But most 2FA codes are delivered by text. And the problem with texts is that you can send them on to others. Never do that, the FBI warns — regardless of who's asking. 'Actors may use social engineering techniques to convince you to disclose a 2FA code,' the bureau says in an advisory reshared this week. Doing so lets attackers 'compromise and take over accounts.' Even if the request comes from someone you know, 'never provide a two-factor code to anyone over email, SMS/MMS or encrypted messaging.' ESET's Jake Moore warns the same. 'Scammers often trick people into revealing them to bypass security checks and take control so even if someone claims to be from your bank, trusted company or even a family member, keep OTPs to yourself.' This all sounds very basic. But remember, if an attacker hijacks one of your friend's messaging accounts, they can message you pretending to be your friend, asking you to send the code you will receive. They will tell you their phone is not working and they have given your number for the code instead. The scam is remarkably effective. While you should never share OTP text messages, you can better protect yourself if you stop using them altogether. It's far better to use an authenticator app, which most major platforms now offer as an alternative to SMS. And better still use a passkey. This links your account to your physical device, making it impossible to steal and use a code. Banks in Australia and UAE are already calling time on SMS 2FA codes, and you should now do the same. But if you are using those codes, it's even more critical that you never share them, regardless of who is who's asking and the reason they're giving.
Forbes
3 days ago
- Forbes
New FBI Warning — Windows And Linux Users Must Apply 2FA Now
FBI warns of Interlock threat - enable 2FA now. There are some weeks that I almost feel like I have joined the Federal Bureau of Investigation, given the number of alerts that I am exposed to. Within just the last few days, I have shared a warning to 10 million Android users to disconnect their devices, another for all smartphone users as phantom hacker attacks continue, and now comes the FBI recommendation for Windows and Linux users to urgently enable two-factor authentication to complete the cyber-trilogy. Here's everything you need to know when it comes to mitigating the Interlock ransomware threat. FBI And CISA Issue Joint Interlock Ransomware Warning A relatively new ransomware threat is, according to the Cybersecurity and Infrastructure Security Agency, on the rise and targeting both businesses and critical infrastructure providers with double-extortion attacks. A July 22 joint cybersecurity advisory, issued alongside the FBI under alert code aa25-203a, was prompted by ongoing FBI investigations that have identified both indicators of compromise and the tactics, techniques and procedures used by the attackers. 'The FBI is aware of Interlock ransomware encryptors designed for both Windows and Linux operating systems,' the alert confirmed. Although I would heartily recommend reading the full alert for all the technical details, the attacks can be summed up as employing drive-by-downloads and ClickFix social engineering to gain initial access. Once the system has been breached, the attackers then deployed credential stealers and keyloggers to obtain account credentials and execute the necessary lateral movement and privilege escalation required to deploy the ransomware and exfiltrate data. This article, however, is less about the how or why (they are after money, duh!) and more concerned with mitigation. Luckily, the FBI has some excellent and detailed advice about how to prevent such attacks, so let's take a look at what you need to do. Mitigating The Interlock Ransomware Threat — The FBI Recommendations Mitigating the Interlock threat Prevention is always better than cure, and that is no truer than when applied to the world of cybersecurity. Mitigating a threat is the priority for every security team, nobody wants to be dealing with the fallout of failings to do. The FBI is aware of this, which is why the cybersecurity alert features a large, red bullet point mitigation table at the top of the advisory. It's also why it's the focus of this article. While the 'actions for organizations to take today' list is, of course, extremely valuable, it is not the complete litigation picture. For that you need to dig deeper into the alert itself. Personally, I would move number four up to number one as well - especially the employing 2FA across accounts advice, as this is crucial in preventing the lateral movement and privilege escalation that enables a successful ransomware attack. But anyhoo, let's explore the full FBI mitigation advice in our own bullet point list, shall we? And, as the FBI notes, implement a recovery plan!
AsiaOne
17-07-2025
- AsiaOne
15 people under investigation for sharing Singpass credentials and facilitating scams, Singapore News
Fifteen persons are under investigation for allegedly sharing their Singpass credentials and facilitating scams that led to losses of over $890,000. The island-wide anti-scam enforcement operation was conducted between July 8 and 11, said the Singapore Police Force (SPF) on Thursday (July 17). Led by SPF and the Singpass Anti-Fraud Team, the joint operation resulted in six of the 15 individuals — five men and one woman — being arrested. The six individuals, aged between 19 and 56, were arrested for offences under Section 8A of the Computer Misuse Act 1993. According to the police, they relinquished their Singpass credentials which were allegedly used to open bank accounts that were subsequently implicated in a range of scams. Based on preliminary investigations, the scams had been facilitated in various ways. Some individuals allegedly sold their Singpass credentials, which were then used to open new bank accounts and register for new mobile phone lines. Others allegedly gave unknown parties access to their Singpass accounts without verifying their identities. Some also fell prey to fraudulent job offers or bogus investment schemes. In such cases, scam operators convinced these individuals that Singpass access was necessary to set up employment profiles, verify their identities for job applications, or create investment accounts. Investigations are ongoing. If convicted, they will face a jail term of up to three years, a fine or both. The police have reminded members of the public to protect their Singpass passwords or 2FA details from unknown people as they could be misused for illegal activities, and that they will be held accountable if found to be linked to such crimes. Members of the public may report scams via the police hotline at 1800-255-0000 or submit information online at [[nid:720166]]
Straits Times
17-07-2025
- Straits Times
15 under police probe for sharing Singpass credentials used in scams
Find out what's new on ST website and app. Members of the public should never disclose their Singpass passwords or 2FA details to unknown persons, the police said. SINGAPORE - Fifteen people here are being investigated for sharing their Singpass credentials, which were later used in scams where victims lost over $890,000 in total. Police also arrested five men and one woman, aged between 19 and 56 , among the 15 under probe. In a statement on July 17 , police said that the scams were carried out in several ways. First, some people allegedly sold their Singpass credentials which were later misused to open new bank accounts and register for new mobile phone lines. Others had given unknown parties access to their Singpass accounts without verifying their identities. In another example, some people shared their Singpass credentials after being deceived by scammers offering employment or investment schemes. They were convinced that they needed Singpass access to set up employment profiles, verify their identities for job applications, or create investment accounts. Top stories Swipe. Select. Stay informed. Singapore Fatal abuse of Myanmar maid in Bishan: Traffic Police officer sentenced to 10 years' jail Singapore HSA launches anti-vaping checks near 5 institutes of higher learning Singapore Kpod vapes, zombie kids: Why it's time to raise the alarm Life 11 new entries on Singapore's Bib Gourmand list, including three re-entries at Old Airport Road Singapore NEA monitoring E. coli at Sentosa beaches after elevated bacteria levels delay World Aquatics events Life First look at the new Singapore Oceanarium at Resorts World Sentosa Opinion The workplace needs to step up on mental health to match Singapore's efforts at the national level Singapore Singapore Zoo celebrates reptile baby boom, including hatchings of endangered species The 15 people, aged between 18 and 68 , were found following an island-wide anti-scam enforcement operation conducted between July 8 and 11 . The operation involved officers from the Commercial Affairs Department, seven police land divisions, and the Singpass Anti-fraud team. If found guilty of disclosing their Singpass credentials to facilitate an offence, they face a jail term of up to three years, a fine, or both. Members of the public should never disclose their Singpass passwords or 2FA details to unknown persons, the police said. These credentials can be misused to access various digital services, including the opening of bank accounts, e-wallets, crypto accounts, and mobile phone lines for illegal activities. To report scam-related information, the public can call the police hotline on 1800-255-0000 , or submit details online at with the assurance of confidentiality.
