We narrowly avoided a recent hacking attempt that 2FA would have stopped.

By Christy Rogers, Owner and Instructor at Training Umbrella

We narrowly avoided a recent hackin g attempt that 2FA would have stopped.

It started a few weeks ago on a late Friday afternoon. I received an email welcoming me to QuickBooks and they had great news about my “Checking and Payments Application”. 

Umm, what!?!?

SOMEONE was using an alias of my work email to create a fraudulent Intuit QuickBooks account. Then they connected it to a fake Shopify account! (Shopify is an online eCommerce system.) This was a sophisticated attack and a bit shocking to learn when it was happening. I immediately went to Intuit’s website looking for a phone number to call to say, “Hey! SOMEONE is creating a fake account using my name! Stop them!” I’m sad to say that their “helpdesk” was not very helpful. I was instructed to forward these emails to their “security” team email and wait to hear back. (Again, not very helpful.) While I’m disappointed in Intuit’s lack of responsive help, that is not the real reason I am writing this story.

Full disclosure: I did not have two-factor authentication turned on for my email account. Ugh. My stomach hurts just typing this. I know better. So this is a public service announcement for you to double check that you have two-factor authentication enabled for all your important accounts.

What can you do to protect yourself? Let’s start with two easy things:

1.      Turn on two-factor authentication. Really. Just do it.
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication credentials to verify themselves. For example, a password AND a code sent via text to your mobile number.

2.      Create solid passwords and use a reliable password manager to assist you if needed.
Here is some advice from my good friends at Cenetric: A password of 10 lowercase letters takes a minute to figure out. Throw in some uppercase letters and go up to 11 characters and it will take a month. But if you use a combination of words and mix in symbols and capitalization you can make it trillions of years before they get you.

Click here to read the entire article and to learn more about password tips.

Graphic Credit: Hive Systems

While I’m not exactly sure how this SOMEONE gained access to my information, I have taken the steps to protect my name and my business. It’s hard to describe the feeling that you get when something like this is happening. You feel like you’re being attacked and you have no way to defend yourself. I don’t want you to experience that feeling, especially if simply enabling 2FA stops a hack attempt in its tracks.

You probably have a list of the most important accounts you use to run your business. Why not go through each of those to make sure you have strong passwords and that you have enabled Two-Factor Authentication on every one of them? Good luck out there!