There have long been phishing scams that attempt to mislead you into entering your genuine password on a bogus website.
Regular readers of Naked Security know that safeguards such as using a password manager and enabling two-factor authentication (2FA) will shield you from phishing mishaps, for the following reasons:
Password managers associate usernames and passwords with specific web pages. This makes it hard for a password manager to lead you unwittingly to a fraudulent website, because it cannot fill in any information for you automatically when presented with a website it has never visited before. The password manager won't be deceived even if the phony site is an exact replica of the real one, with a server name that is nearly impossible to tell apart with the naked eye. This is because password managers normally look at the URL, the URL alone, and nothing else.
With 2FA turned on, your password alone is usually not enough to log in. Whether they're created by a mobile app, a secure hardware dongle, or a keyfob that you carry separately from your computer, the codes used by 2FA solutions normally work only once. Merely knowing your password (or stealing, purchasing, or guessing it) is no longer sufficient for a cybercriminal.
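The URL matching that password managers rely on, described above, can be sketched as follows. This is an added example, not code from the original article or from any particular password manager; the vault entry, the hostnames and the `credentialsFor` helper are constructed for illustration.

```javascript
// Constructed vault: credentials are stored against the exact origin
// (scheme + host + port) of the page where they were saved.
const vault = new Map([
  ["https://login.example.com", { username: "alice", password: "constructed-secret" }],
]);

// Hypothetical helper: return credentials only on an exact origin match.
function credentialsFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // never fill over plain HTTP
  // url.origin is normalised by the URL parser: the host is lower-cased,
  // non-ASCII hostnames become punycode (xn--...), and the userinfo part
  // and the path are left out of the comparison.
  return vault.get(url.origin) ?? null;
}

// Constructed pages: the first two are the real site, the rest only look like it.
const pages = [
  "https://login.example.com/signin",
  "https://LOGIN.EXAMPLE.COM/signin",                 // same site, different case
  "http://login.example.com/signin",                  // right host, no TLS
  "https://login.example.com.account-check.test/signin", // real name used as a prefix
  "https://login.example.com@lookalike.test/signin",  // real name in the userinfo part
  "https://login.exampIe.com/signin",                 // capital I in place of l
  "https://login.ex\u0430mple.com/signin",            // Cyrillic a in place of Latin a
];

function report() {
  return pages.map((p) => [p, credentialsFor(p) ? "fill" : "no match"]);
}

for (const [page, verdict] of report()) console.log(verdict.padEnd(9), page);
```

Only the first two pages get a "fill"; every look-alike resolves to a different origin, so the lookup returns nothing, however convincing the address looks to a person.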
Your online accounts are valuable to cybercriminals for three main reasons:
- Criminals may get access to your sensitive information if they have full access to your social media accounts. Your risk of identity theft may grow if this information is compromised, whether they sell it on the dark web or misuse it themselves.
- The ability to post through your accounts allows fraudsters to use your reputation to spread false information and news. Unless and until you can prove that your account was compromised, you risk being banned from the platform, locked out of your account, or landing in trouble in public.
- The thieves can actively pursue your friends and family if they have access to your predetermined contacts. Not only are messages sent from your account far more likely to be seen by your own contacts, but they are also much more likely to be read carefully.