The Three Factors of Authentication: A Fraudster's Playground

Online accounts are protected by the three factors of authentication: something you know (like a password), something you have (like a phone), and something you are (like a fingerprint). These factors are designed to keep our accounts secure — but fraudsters constantly find new ways to compromise all three.

Something You Know: The Data Breach Bonanza

Fraudsters scoop up usernames and passwords from compromised companies — and they’ve been doing it since digital passwords were invented. They develop phishing scams to fool users into handing over credentials. And malware is everywhere: it’s estimated that more than 1 billion malware programs currently exist, automatically mining and sending information without the user knowing.

2022 saw a record 24 billion passwords exposed. — New York State Attorney General

Something You Have: The Social Engineering Shuffle

“Something you have” isn’t safe either. Fraudsters use social engineering to convince users (or their cell carrier) to give them access to a phone or SIM card — pretending to be from a bank or phone company until they’ve got control of the accounts.

Something You Are: The Metadata Mimic

Even biometrics can be compromised. Fraudsters can’t change a fingerprint or a face — but they can mimic metadata. They log in with stolen credentials and make their activity look just like the account owner: same IP address, same browser, even the same HTTP referrer.

  • September 2013: Apple introduces TouchID → Chaos Computer Club bypasses it in the same month
  • November 2017: Apple introduces FaceID → Vietnamese firm Bkav bypasses it the same month

Even one of the largest, most tech-savvy companies in the world isn’t immune.
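The “metadata mimic” above is worth seeing in defender terms. The following Python example is added here and is not code from the original post or from myNetWatchman; it models two login policies over constructed sample events. The first treats a correct password plus familiar IP, browser and referrer as proof of identity, so a fraudster who copies those values walks straight in. The second treats metadata only as a friction signal and still requires a challenge completed by a registered device (the `device_id` / `mfa_verified` fields, `OwnerProfile` and `LoginEvent` are all assumptions made for this illustration).

```python
from dataclasses import dataclass
from typing import Optional, Set, Dict

@dataclass
class OwnerProfile:
    # Metadata the legitimate owner usually logs in with (constructed sample).
    usual_ips: Set[str]
    usual_user_agents: Set[str]
    usual_referrers: Set[str]
    # "Something you have": device ids enrolled for a second factor (assumption).
    registered_device_ids: Set[str]

@dataclass
class LoginEvent:
    ip: str
    user_agent: str
    referrer: str
    password_ok: bool
    device_id: Optional[str] = None   # hypothetical device-bound token id
    mfa_verified: bool = False        # did a registered device finish the challenge?

def metadata_only_decision(profile: OwnerProfile, event: LoginEvent) -> str:
    """Weak policy: correct password + familiar metadata is treated as the owner."""
    if not event.password_ok:
        return "deny"
    familiar = (event.ip in profile.usual_ips
                and event.user_agent in profile.usual_user_agents
                and event.referrer in profile.usual_referrers)
    # Unfamiliar metadata adds friction; familiar metadata is taken as identity.
    return "allow" if familiar else "challenge"

def mfa_required_decision(profile: OwnerProfile, event: LoginEvent) -> str:
    """Stronger policy: metadata never substitutes for a registered second factor."""
    if not event.password_ok:
        return "deny"
    if event.mfa_verified and event.device_id in profile.registered_device_ids:
        return "allow"
    # Everything else, however familiar it looks, must complete a challenge.
    return "challenge"

# Constructed sample data: the owner's habitual context and one enrolled device.
PROFILE = OwnerProfile(
    usual_ips={"203.0.113.10"},                      # documentation range, constructed
    usual_user_agents={"Mozilla/5.0 (sample-browser)"},
    usual_referrers={"https://bank.example/login"},   # example.com-style placeholder
    registered_device_ids={"device-owner-phone"},
)

# Legitimate owner: same context, and their enrolled phone completed the challenge.
OWNER_LOGIN = LoginEvent(
    ip="203.0.113.10", user_agent="Mozilla/5.0 (sample-browser)",
    referrer="https://bank.example/login", password_ok=True,
    device_id="device-owner-phone", mfa_verified=True,
)

# Metadata mimic: stolen password, copied IP/browser/referrer, no enrolled device.
SPOOFED_LOGIN = LoginEvent(
    ip="203.0.113.10", user_agent="Mozilla/5.0 (sample-browser)",
    referrer="https://bank.example/login", password_ok=True,
)

def run_demo() -> Dict[str, str]:
    """Return both policies' verdicts for both events."""
    return {
        "owner/metadata_only": metadata_only_decision(PROFILE, OWNER_LOGIN),
        "owner/mfa_required": mfa_required_decision(PROFILE, OWNER_LOGIN),
        "spoofed/metadata_only": metadata_only_decision(PROFILE, SPOOFED_LOGIN),
        "spoofed/mfa_required": mfa_required_decision(PROFILE, SPOOFED_LOGIN),
    }

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The spoofed session is indistinguishable from the owner on every field the first policy looks at, which is exactly the point of the section: IP, user agent and referrer are claims an attacker can copy, not evidence of who is typing. Only the policy that insists on a registered device separates the two.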

The Bottom Line

The three factors of authentication are only as strong as their weakest link. What you can do:

  • Be aware of the risk wherever you enter a password
  • Don’t reuse passwords
  • Use strong, unique passwords
  • Regularly scan for viruses and keep software updated
  • Be vigilant of phishing scams
  • Use multi-factor authentication where it makes sense
  • Carefully evaluate links before clicking
  • Don’t assume urgent texts/emails are from legitimate sources

Fraudsters are clever, persistent, and agile — always working to stay one step ahead. By staying informed and taking precautions, we can make it harder for them to compromise our accounts.

Special Report

The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.
