At Smikteck, we take the security of our clients’ information very seriously. Unfortunately, we have noticed an increase in phishing scams and man-in-the-middle tactics targeting CEOs and CFOs to bypass two-factor authentication (2FA) or multi-factor authentication (MFA) logins. This has become a global problem affecting millions of users and some of the biggest companies on the planet. Even major companies like Reddit, Twitter, and Coinbase have been targeted by these attacks.

These attacks can result in the loss of sensitive information, data breaches, and financial losses. As a trusted provider of IT services, we want to ensure that our clients are informed of these threats and know how to protect themselves.

What does an attack look like?

Hackers are trying to steal your login information, even if you have extra security measures like 2FA or MFA in place. They do this by tricking you into giving them your login details or by using sneaky tactics to grab your login code.

For example, you might get an email that looks like it’s from a trusted colleague with a link to software like DocuSign asking you to log in. The email might have a link that takes you to a fake login page that looks real. When you utilise your Google, Microsoft or Facebook details to log in, the hackers can steal them.

Another way they might try to get your information is by sending you an email with an attachment. The attachment might say something like “please find attached your presentation/invoice/file”. But when you open it, it can install bad software that can take your login code.

So, how can you protect yourself?

To avoid falling victim to these attacks, it is essential to ensure that any emails you receive are legitimate before clicking on any links or opening attachments. You should verify the sender’s email address (not just their name and photo), check for any unusual or suspicious content, and scrutinise any requests for personal or sensitive information.

We recommend that you do not provide sensitive information in response to any email requests, especially if the email appears to be from a familiar source. If you are unsure, contact the sender directly using a known, trusted email address or phone number to verify the request’s legitimacy.

Additionally, you can take steps to secure your accounts further by using stronger passwords, enabling two-factor authentication, and keeping your software up to date. Regularly monitoring your accounts for any unusual activity is also a good practice.

Please stay vigilant, and don’t hesitate to contact us if you have any concerns.