Multifactor authentication (MFA) Phishing attacks are on the rise and fraudulent MFA approval requests are being sent to users. The goal of an MFA Phishing attack is to catch the user off-guard and trick the user into approving an MFA request that is fraudulent. To prevent unauthorized approvals, users will now see their location on the SafeNet MobilePASS+ application in MFA approval requests. Showing the user where the MFA request originated will help the user verify its legitimacy. If the MFA approval request originated from a location other than the one the user is at, it could be fraudulent.
The SafeNet MobilePASS+ change will:
- Improve the security on VUMC’s enterprise information and applications.
- Reduce the threat of phishing attacks and fraudulent MFA approval requests.
What to expect:
When you access a resource protected by SafeNet MFA, you may be presented with a ‘Deny / Approve’ message in the SafeNet MobilePASS+ app on your phone.
Currently, that approval request contains a key and padlock image with a blank or non-descript background.
When the SafeNet MobilePASS+ change is in place, the key and padlock image will be replaced with a live map showing the location where the MFA request originated. If the displayed location does not match your location or VUMC’s location and you did not attempt to access a SafeNet MFA-protected resource, then the MFA request may be fraudulent.
This change applies only to those using push notifications to access SafeNet MFA-protected applications. Those accessing SafeNet MFA-protected resources using text messages (SMS) or app-generated passcodes, and those accessing Microsoft Azure MFA-protected resources will not see any changes.