
A simple way to protect online accounts against phishing attacks


All businesses and organizations train users to be careful and not to click on unknown links or documents, but this approach does not work for new types of phishing attacks, where redirection to fraudulent websites happens when a user opens or saves documents or performs other actions required for work, for example copying, pasting or moving some text. See [1-2].

In this post we consider the method of “safety gates” to protect users against ALL types of phishing attacks.

A safety gate is an additional login page, placed before the main login page, which leads to the user's online account.

 

After logging in via a safety gate, the user sees historical activity information, along with text and content provided by the user.

 


 

If the user recognizes this info, then she/he is on the right site and can safely go to the main login page by clicking on the “Enter here!” button.

Now the user can log in to the site with the real password for this site.

 


 

If the user does not recognize the info, or this info does not appear at all, then the user knows that this is a phishing site and she/he must leave this site.

 


The site may have several safety gates before the main login page in order to increase the security level of online accounts to the desired level.

Even if a hacker is able to hack the first safety gate page, she/he will not be able to log in to the user's online account; the hacker will only be able to log in to the first safety gate. The user can quickly discover this breach by seeing that someone has logged in to the first safety gate. In this case, the user changes the password for the first safety gate and restores the security of the online account to its previous level.

Different items such as IP address of the previous login, a quote, a picture, and other content can be added for identification of the correct site.
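
The flow described above, sketched server-side as an added example (not code from the author of this post). The names `SafetyGateSite`, `gate_login` and `main_login`, the in-memory storage and the single-use token that ties the main login to a passed gate are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the gate and main passwords are never stored in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _check(stored, password: str) -> bool:
    salt, digest = stored
    return hmac.compare_digest(digest, _hash(password, salt))

class SafetyGateSite:
    """Hypothetical in-memory model: one safety gate before the main login."""

    def __init__(self):
        self.users = {}        # username -> account record
        self.gate_tokens = {}  # single-use token -> username

    def register(self, user, gate_pw, main_pw, phrase):
        gate_salt, main_salt = os.urandom(16), os.urandom(16)
        self.users[user] = {
            "gate": (gate_salt, _hash(gate_pw, gate_salt)),
            "main": (main_salt, _hash(main_pw, main_salt)),
            "phrase": phrase,   # content the user chose, shown after the gate
            "gate_log": [],     # (timestamp, ip) of every successful gate login
        }

    def gate_login(self, user, gate_pw, ip):
        rec = self.users.get(user)
        if rec is None or not _check(rec["gate"], gate_pw):
            return None  # wrong gate password: no recognition info is shown
        previous = rec["gate_log"][-1] if rec["gate_log"] else None
        rec["gate_log"].append((time.time(), ip))
        token = secrets.token_urlsafe(32)
        self.gate_tokens[token] = user
        # This is what the user inspects before clicking "Enter here!".
        return {"token": token, "phrase": rec["phrase"],
                "previous_gate_login": previous}

    def main_login(self, token, main_pw):
        # The main login is reachable only through a passed gate; token is single-use.
        user = self.gate_tokens.pop(token, None)
        return user is not None and _check(self.users[user]["main"], main_pw)
```

The `previous_gate_login` entry is what lets the user notice that someone else has passed the first gate, and the gate password alone never satisfies `main_login`.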

If a user needs to manage multiple different unique passwords for multiple accounts, then she/he can do this in a simple and stress-free way using a private dynamical passwords generator (DPG). See [4].

 

Sources:

[1] Hackers Target Azure Accounts With Malware-Laden Shared Documents. https://www.pcmag.com/news/hackers-target-azure-accounts-with-malware-laden-shared-documents

[2] Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA. https://arstechnica.com/security/2024/02/ongoing-campaign-compromises-senior-execs-azure-accounts-locks-them-using-mfa/

[3] A new Microsoft Azure hacking campaign is targeting high-end executives. https://www.techradar.com/pro/security/a-new-microsoft-azure-hacking-campaign-is-targeting-high-end-executives

[4] A simple way to manage changes of multiple unique strong passwords for multiple accounts. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-manage-changes-of-multiple-unique-strong-pas-xrxwydn

 



I_g_o_r

I am curious about science, technologies and their applications to solving real problems.


Simple solutions to complex problems

Each post is devoted to a simple solution to a complex problem.
