When receiving an unprompted 2FA code, the account holder should assume their credentials were stolen and log directly into Amazon, without clicking on any links in text messages or emails, to change their password.
It is also important to not think that since 2FA protected your account you no longer need to change your password. This is a false sense of security, as threat actors have figured out ways to bypass MFA in the past, so there is no reason to give them the opportunity to do so with your account.
@ecksmc Thank you for sharing this. You are providing a useful PSA. This is all good advice.
(For any account, not just Amazon: don't be led by a false sense of security.)
Furthermore, while SMS and email 2FA provide extra protection to your accounts, they are the most risky MFA method to use. This is because if someone gains access to your email or phone number, such as through a SIM swapping attack, they'll also have access to your OTP codes.
https://www.bleepingcomputer.com/news/security/lapsus-hackers-took-sim-swapping-attacks-to-the-next-level/