Cybercrime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users

by · Forbes
Activate 2FA now, law enforcement warns email and social media users (Getty)

Update, Oct. 17, 2024: This story, originally published Oct. 16, includes details of a new Fast Identity Online Alliance protocol to accelerate cross-platform passkey adoption and bolster account protection.

Those who would attack your email and social media accounts have proven to be early adopters of evolving technology, such as large language models and AI-generated chat, in order to hack and scam their victims. Last week, a story I published about a security consultant who very nearly got caught out by a highly sophisticated, AI-powered, hacking attempt against his Gmail account went viral. This week, a team of researchers released details of the sheer volume of malicious apps that found their way onto the official Google Play Store last year. And now the Action Fraud team, operated by law enforcement in the U.K., has issued a warning to users of all email and social media platforms about ongoing threats that have cost more than 33,000 victims in excess of $1.8 million in fraud after their accounts were hacked. Here’s what you need to know and what you must do right now to protect your Gmail, Outlook, Facebook and X accounts.

Action Fraud Warns All Users To Protect Email And Social Accounts With 2FA

The U.K. national fraud and cybercrime reporting center, Action Fraud, is run jointly by the City of London Police and the National Fraud Intelligence Bureau. When these people issue a warning, it’s advisable that you take them seriously, regardless of what country you happen to be in. Although the reporting service is purely for U.K. cybercrime reporting in England, Wales and Northern Ireland, the advice given is applicable pretty much wherever you are in the world.

Keep hackers out of your email and social media accounts (Action Fraud)

I can’t think of an example that represents this better than the warning issued as part of Cybersecurity Awareness Month to users of all email and social media platforms to protect their accounts from hackers, scammers and fraudsters. The number of victims quoted, along with the financial losses, relates to a single 12-month period ending in August 2024, and only covers attacks that were actually reported to Action Fraud within the previously mentioned geographic area. However, it’s a large enough statistic, when multiplied around the world, to not only take notice of but react to. Which is why Action Fraud is taking to social media to encourage people to better protect their Gmail, Outlook, Facebook and X accounts.

“Cyberattacks and hacking are carried out by faceless cybercriminals who target unsuspecting victims looking to take advantage of unprotected social media and email accounts,” Adam Mercer, the deputy director of Action Fraud, said. “If you have the option, enable 2-step verification to ensure you have twice the protection for all your accounts.” Two-step verification, often referred to as two-factor authentication, cannot guarantee account security, but it sure makes it a lot harder for hackers and scammers to get into your accounts.

Check your email and social media platforms for details of how to activate 2FA here: Gmail, Outlook, X, and Facebook.

Using Passkeys To Bolster Account Protection Is Getting Easier

The Fast Identity Online Alliance has been building partnerships since 2012 to address what was, and to some extent remains, a lack of interoperability among the robust authentication technologies that exist. This is vital work, and the moves that FIDO has made across those 12 years are beginning to make a big difference when it comes to protecting user accounts. A new credential exchange protocol that FIDO, along with partners including Apple, Google, Microsoft and Samsung as well as password management vendors 1Password, Bitwarden, Dashlane, Enpass, NordPass and Okta, are working towards has now been published. At least in a “working specifications” guise.

The new protocol is designed to bring secure, as in end-to-end encrypted secure, passkey transfers between vendors. Passkeys add an extra layer to the authentication process that outperforms user credentials such as usernames and passwords when it comes to secure account login and user authentication. In many ways, you can think of passkeys as wrapping up login and 2FA in one easier-to-use and more secure technology. “Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster,” a FIDO spokesperson said, “and 20% more successful than passwords or passwords plus a second factor…”