The Latest / Data Security News
April 12, 2018
Strong identity management authentication is needed more than ever. We often hear about hacks that steal email addresses, phone numbers and names – and then remain thankful social security numbers and financial information wasn’t stolen. But one recent phishing attempt shows how hackers can use that basic personal information to potentially cause greater damage.
The need for identity management authentication has been demonstrated in a recent phishing tactic exposed by twitter user @_thp. In the attack, the would-be hackers have the Gmail email address and phone number of their targets. They send a text message that says:
‘Did you request Google reset the password for [email protected]? If not, respond with STOP.”
This is where you should just ignore the message, a service like google wouldn’t ask users to respond in such a way to stop something happening. By sending ‘Stop’ back, you are merely confirming to attacks they have the correct phone number for the email account.
If you should respond with ‘STOP’, the text is followed up by a second which says:
‘Confirm the six digit numerical code to STOP the password reset. Respond with “882” to have the verification code re-sent’
The hackers at the same time request a password change for the email address, prompting Google to send the real owner of the email address a one-time passcode to their phone. The hackers are attempting to trick people into sending them the one-time passcode so that they can successfully access their account. Thankfully, user @_thp was not caught out – but it is not hard to imagine how such tactics could have success.
Identity management authentication is needed because this is just one example in a sea of tactics that hackers have. Through phishing and social engineering, they try and steal your login details, so they can get up to all kinds of mischief. That’s why when your email address and phone number get stolen, it might not seem it at first, but it is a very big deal.
Hackers have all kinds of nefarious ways of hacking into system and networks, but humans remain a weak point they target. If they can trick just one human to giving up login details of a valuable network, they have unauthorized access that can often go undetected.
The solution for organizations is to take out the potential for human error. Services like Google should be commended for having two-factor authentication, but as this example shows, it can still be hit by phishing attacks.
What we do here at Global Data Sentinel, is provide a multi-factor authentication process that can’t be phished. Hackers can’t steal a biometric over the internet. They can’t trick you into sending them a fingerprint in the same way they can a password or code.
Access control to a Global Data Sentinel security ecosystem can be tied to biometrics to ensure only those authorized and approved can login. No one else can use your login credentials when you use a biometric. It’s unique to you and tied directly to you – it can’t be phished.
In addition to this, Global Data Sentinel uses encryption for individual files and folders, so if a hacker did manage to compromise your system, as soon as they tried to access files they didn’t have access rights to, red flags would be raised in your security system and that account would be locked out.
Strong Identity Management authentication is something all organizations who value the security and safety of their network should consider.
Your key and files are encrypted on your device before they are ever sent to, or stored with us. We can’t even access your key or files.
May 20, 2015