Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it.
How to protect yourself from authentication-in-the-middle attacks
- Keep your wits about you. Being aware of how scammers work is the first step to avoiding them. Don’t assume sponsored search results are legit, and trust that if something seems suspicious then it probably is.
- Use security software. Many security programs block known phishing sites, although domains are often short-lived and get rotated quickly. Malwarebytes Browser Guard can help protect you.
- Use a password manager. Password managers will not auto-fill a password to a fake site, even if it looks like the real deal to you.
- Consider passkeys. Multi-factor authentication is still super-important to enable, and will protect you from many types of attacks, so please continue to use it. However, authentication-in-the-middle attacks only work with certain types of MFA, and passkeys won’t allow the cybercriminals to login to your account in this way. Many services have already begun using passkeys and they’re no doubt here to stay.
SOURCE
Saw it here first!