Multi-Factor Authentication (MFA) is commonly used to protect your information online. However, MFA is not impenetrable from Social Engineering
If a password is compromised, hackers can deploy several tactics to get around any MFA protection.
The information in this blog has been sourced using The Hackers News. You can read the full story here
Adversary-in-the-middle (AITM) attacks from Social Engineering
An AITM attack involves “deceiving users into believing they’re logging into a genuine network, application, or website.”
Through this hack, people can unwittingly give information to Cybercriminals.
An example of this is a spear-phishing email that arrives in an employee’s inbox.
MFA prompt bombing
This attack involves push notifications in modern authentication apps. After hackers access a password, attackers try to use the password to trigger the MFA prompt for the compromised account.
If the user inputs their details into the MFA prompt, the hackers will gain full access to the account.
Service desk attacks from Social Engineering
Hackers access helpdesks by “feigning password forgetfulness and gaining access through phone calls.”
If the proper verification checks aren’t in place, hackers may be granted access to an organisational environment.
Another way is to “exploit recovery settings and backup procedures by manipulating service desks to circumvent MFA.”
An example of this is when hackers contact a service desk claiming their phone is not functioning or is lost, then request a new account which is controlled by an attacker-controlled MFA authentication device. This will allow the hackers to gain control.
SIM swapping
This technique involves Cybercriminals deceiving “service providers into transferring a target’s services to a SIM card under their control.”
The hackers can then effectively take over the target’s mobile phone service and phone number, letting them intercept MFA prompts and gain full access to accounts.
The unseen side of the internet Most business leaders are familiar with the internet they use every day: websites, emails, social platforms, and cloud
The IT Gap: When “Good Enough” Isn’t Enough Many small and medium-sized businesses rely on traditional IT support to keep things running. It’s a
4th Platform Partners with WatchGuard to Deliver FireCloud: Stronger Security, Less Effort Protect every worker, everywhere 4th Platform has partnered with WatchGuard to bring
The recent cloud outage at AWS, which caused downtime, data unavailability and shaken confidence, is a timely wake-up call for organisations of every size.
In 2025, sustainability is more than a buzzword, for UK organisations, it’s becoming integral to brand reputation, regulation, and cost control. And one of
In just 15 days, Microsoft will begin its formal switch to Windows 11 for eligible devices. Whether you’re managing a team of employees, running
The UK’s traditional phone network, the Public Switched Telephone Network (PSTN Switch-Off), is being retired. By January 2027, it will be permanently switched off.
Ransomware remains the UK’s most serious cyber threat. In July 2025, the Home Office set out proposals to ban ransom payments for public-sector bodies
The UK’s data protection rules are changing again Post-Brexit. With the Data (Use and Access) Act 2025 (DUAA) now law, businesses face new obligations
Why Now? Windows 10 is approaching End of Life Microsoft will retire Windows 10 on 14 October 2025, ending free security and feature updates. The
