Rene Neff

1. 

   Multifactor Authentication (MFA): Only as strong as the weakest link in the chain

   Multifactor authentication (MFA) is a method of increasing the security of online services that uses multiple factors to verify a user’s identity. There are three basic factors used in authentication: knowledge, possession and biometrics. Knowledge-Based Procedure The knowledge-based method verifies what the user knows. An example of this type of multi-factor authentication is the use of so-called “Knowledge-Based Authentication” (KBA) questions. Here, the user must answer a series of personal questions during registration, the answers to which only he or she should know.

2. 

   Phishing, what is it actually? (Part 3)

   Phishing is a form of cyber attack in which attackers attempt to trick users into revealing sensitive information by pretending being a trusted source. There are different variants of phishing. In this blog post, we present three specific types of phishing: Smishing, Vishing and Email Clone Phishing. It thus continues our series on phishing: Phishing, What Is It All About? (Part 1) und Phishing, What Is It All About? (Part 2).

3. 

   Phishing in 2023 - Our Predictions

   Phishing attacks are one of the biggest threats in the digital world and a steady increase has been observed for years. It is likely that this will continue in 2023. Here are some predictions of what we expect to see in 2023 in the context of phishing attacks. Increase in Ransomware Incidents Phishing attacks are usually the first step to deploy ransomware into corporate infrastructures. The insidious malware spreads in the internal network and then encrypts critical business data.

4. 

   Verify Login Credentials to Protect against Credential-Stuffing Attacks

   Users to Verify Their Login Credentials to Protect against Credential-Stuffing Attacks Checking credentials against leaked login information is an important safeguard to protect against credential stuffing attacks, as it helps prevent the use of stolen credentials. When users check their credentials on a platform that matches whether the data has been leaked in the past, they can determine whether their credentials may have already fallen into the hands of attackers. If so, they should change their password as soon as possible and, if necessary, consider other security measures such as enabling two-factor authentication.

5. 

   Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

   Risks to Users of Online Platforms from Credential-Stuffing Attacks Credential stuffing attacks pose a high risk for users of online platforms. Criminals’ access to online accounts can lead to financial damage, for example when purchasing goods with stolen credit cards or by exploiting access data to paid offers. Credential-stuffing attacks also pose a risk of identity theft, as attackers may have access to personal information and documents when they access an account.

6. 

   Credential Stuffing: A Threat to Online Platforms and Their Users

   Credential stuffing attacks are a cyber attack type in which attackers attempt to use credentials obtained through data leaks and other means on various online platforms. In these attacks, automated scripts are used to try out the credentials at high speed on many of these portals. If credentials are correct, attackers can usually fully access and abuse a legitimate user’s account. The stolen credentials are often gathered in so-called collections and traded by criminals on the dark and deep web.

7. 

   Dark Web vs. Deep Web - What can you find there?

   Many have heard of the Dark Web, as it is often depicted in movies and books. But what exactly is it? The regular Internet that people use in their everyday lives belongs to the so-called “Surface Web” and accounts for only 10% of the total amount of data on the World Wide Web. The Deep Web can be thought of as an intermediate layer between the Surface Web and the Dark Web.

8. 

   How often should you change your passwords?

   Always and nearly everywhere you are told how to choose a secure password: Upper and lower case letters, numbers and special characters, no variations of already existing passwords and in no case use a password more than once. After you have chosen your password appropriately, the only question that remains is: how often you should change your passwords. Originally, a regular password change several times a year was recommended, often every three months.

9. 

   Phishing, What Is It All About? (Part 2)

   It is well known that the number of phishing attacks continues to increase. Just like the fact that Germany is one of the countries most affected. The first part of “Phishing, What Is It All About?” covered e-mail phishing, baiting and search engine phishing and explained how to protect yourself from these types of phishing. In this part, CEO Fraud, Corporate Phishing and Angler are presented. CEO Fraud Also known as Business Email Compromise (BEC), this is when email addresses of key people within a company, such as the CEO, have been captured.

10. 

    Phishing, What Is It All About? (Part 1)

    The number of phishing attacks increased by 29% in 2021 compared to the previous year, and Germany was the third most attacked country. But what exactly is “phishing”? In phishing, someone poses as a reputable and trustworthy person or company and, by manipulating the victim, achieves that the latter clicks on or opens a file, link or similar. This usually then leads to personal information being stolen or malware being installed.