www.bottomline.com
2600:9000:2491:fc00:b:dfab:3ec0:93a1  Public Scan

Submitted URL: https://go.paymode.com/e/11082/ges-heres-howand-how-stop-them/9cn8pb/1453250916?h=bZE-_kRoe0MgXw6afrMl6JbJ1abp4W5rFX17T...
Effective URL: https://www.bottomline.com/thought-leadership/fraud-and-financial-crime/fraudsters-are-defeating-mfa-challenges-heres-howan...
Submission: On March 17 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM


Text Content


FRAUDSTERS ARE DEFEATING MFA CHALLENGES. HERE'S HOW-AND HOW TO STOP THEM

FRAUD AND FINANCIAL CRIME

Chris Gerda

Apr 19, 2022

Multi-factor authentication (MFA) has been the best protection against payment
fraud. Unfortunately, fraudsters have huge toolkits at their disposal designed
to acquire passwords or glean personal information that can help defeat
challenges, but MFA puts a critical piece of identity verification outside a bad
actor’s reach.

No single defense is perfect, however, and fraudsters have been chipping away at
this line of defense for a while. In recent months, a pair of threats to MFA
have emerged that deserve your attention, especially because one of them has
become such a severe problem that the FBI issued a warning about it.
Another scheme involving your business phones has been emerging in the early
months of 2023, as well.

At Paymode-X, we deploy advanced protections to prevent exactly these kinds of
sophisticated account takeover frauds; we see them often, and it’s a primary
reason our B2B payments customers utilize Paymode-X. If you don’t, or you’re not
working with a company like ours that can protect your sensitive bank account
information from unauthorized updates or payment initiations to thwart business
payment fraud, you’re going to want to know how to stop these three methods
today. 

Let’s take a look at three of the strategies fraudsters are using to hack your
accounts and emails and the solutions to each. 


SIM SWAP

Receiving a text code on your phone is something we are all familiar with when
we try to log in to one of our accounts from a new device. Fraudsters know this
too, so they will try a SIM swap. Your SIM is essentially your phone number,
regardless of the device it’s in. These fraudsters use social
engineering, compromise your mobile carrier login, or even have an insider help
in assigning your phone number to a new SIM card, one that just happens to be in
the hands of a bad actor.

Regardless of how they ultimately get the job done, once the number is switched
the criminal gains a bonanza of personal information, including calls, texts,
contacts, and other information that can help them defeat MFA challenges.

Essentially, once the swap has been completed, fraudsters simply plug in your
phone number when they get the “forgot password” prompt on, say, your bank account,
receive the verification text and then make off with your money. By the time
you’re wise to the scheme and contact your mobile carrier to get the number
switched back, you or your company may already be out a significant sum.


VOICE OVER IP (VOIP) ACCESS

In the early going here in 2023, we have seen a rising number of attempts (and
unfortunately, successful attempts) at compromising VoIP phone accounts at
businesses. Most phone providers unfortunately do not enable MFA protection for
the online portals you would use to log in to and manage your VoIP phone
account. You have to go out of your way to set that protection up.

It's well worth doing so, given fraudsters' ability to access critical
information in your online portal and impersonate you. Because these phones are
so lightly protected, and many business professionals re-use passwords on their
phones, a fraudster who breaks into your VoIP phone account can do a lot of
damage by using it to get into other systems.


REVERSE PROXY, OR THE SCOURGE OF FAKE LOGINS

Like the SIM swap scheme, this one is on the rise in part because of the
percentage of overall users utilizing MFA to stop fraud: fraudsters are also able
to steal your MFA codes by using fake websites for real banks and online
services. BleepingComputer outlines these reverse proxy solutions; I prefer to
call them fake website logins, which is really what they are, because the name
imparts urgency and also directly calls it what it is.

From these fake websites, fraudsters redirect unsuspecting victims from an email
to what looks like a legitimate bank login site. Once you put in your
credentials, however, the information on these fake login sites is being
immediately used by the fraudster to log into your actual bank account on the
real website. Since they are on a new device--theirs--they will need an MFA
code; and it just so happens you're going to need to do the same when you are
concurrently logging into the fake website.

You will get the code from your real bank and input it, allowing them to see it
and use it on the spot to access your real account. Furthermore, after you put
in the code on the fake website they will redirect you to the real company
website so you never have a chance to realize you have been duped and just think
that your login didn’t happen to work.  

The end result is the same as it is for the SIM swap scheme, or really any other
fraud scheme: The bad guy is in your bank account and happily transferring your
hard-earned money into their accounts. The sophistication of these sites and how
convincing they appear can make them hard to avoid.


HOW TO PREVENT ALL THREE

There are four critical steps you can take to defeat these kinds of fraud. The
first is to protect your SIM card with an extra layer of security by adding a PIN
code, because that’s information a fraudster cannot access when trying to
execute a SIM swap. That will stymie their efforts to get the number transferred
to their device. In fact, I’d recommend that everyone protect their SIM card
with a PIN, which is offered by all cell providers, because of how simple and
powerful that extra layer of security can be.

For fake logins, the advice is timeless: Don’t click on a link in an email
unless you’re certain you know who it’s from and why it’s being sent. If you’re
being taken from an email directly to your bank’s login page, it’s likely best
to close out that window entirely, navigate to your bank’s website, and log in
from there to make sure you are not being duped into surrendering your
credentials and information needed to defeat MFA challenges to a fraudster.
Being extra cautious with your emails and logins may take a little extra time,
but it can save you from significant losses.

The third step is to secure your VoIP immediately. Go into your account
settings, either through your online portal or the phone itself, and enable MFA
when prompted to do so. Have all password resets and login confirmations sent
directly to a phone in your pocket, and whatever you do, do not use the same
password for your phone as your computer. If one system is compromised, a
fraudster will have quick access to both if they're protected by the same
password. 

To protect your payments, consider a fourth step. It matters most for high-value
B2B payments, due to the damaging effects of Business Email Account Compromise
(BEC) fraud, and it involves working with a solution that can protect your bank
account information and payments through multi-layered approaches that build on
MFA with additional authentication layers to create something insurmountable for
fraudsters.
If you’ve made it through the last couple of years of remote work and
increasingly digital payment methods without upping your level of sophistication
and protection, you’re fortunate, but it’s time to consider looking into AP
automation providers with advanced defenses capable of securing digital
payments.  

These schemes are a reminder that you can never get too comfortable just because
your accounts are protected by MFA challenges. Whether you’re using additional
layers of protection on your phone, working with a partner who can protect your
critical payments and bank account information, or both, 2023 should be a year
of extra vigilance. The cost of ignoring these emerging threats is simply too
high to do otherwise.




Posted by

Chris Gerda

Chris Gerda serves as the head of risk and fraud prevention at Bottomline, with
a focus on security for Paymode-X. He is responsible for the overall anti-fraud
strategy and technology initiatives to maintain the security of $200 billion in
payments within the 450,000+ network membership base.