Have your QQ account been stolen? On the evening of June 26, some users reported that their QQ account was stolen and would automatically send indecent pictures or gambling content to friends and group members. When downloading the APP, be sure to download it at the official webs

Have your QQ number been stolen?

6 On the evening of June 26, some users reported that their QQ account was stolen and would automatically send indecent pictures or gambling content to friends and group members. In response, Tencent QQ's official Weibo post issued a reply that such account theft incident was caused by the user who scanned the game login QR code forged by criminals and authorized to log in. The login was hijacked and recorded by the criminals, and then used by criminals to send bad image advertisements.

Information source: Sina Weibo

Coincidentally, in May this year, all employees of Sohu received an email from the "Sohu Finance Department" called "May Employee Salary Subsidy Notice". Some employees scanned the code according to the attachment requirements and filled in the bank account and other information, resulting in the balance in the card being transferred and rushed to the hot search of Weihu .

Information source: Sina Weibo

Tencent QQ user was stolen and Sohu employee suffered email fraud, exposing the company's security loopholes. According to the report of China Internet Network Information Center (CNNIC), Chinese netizens have the highest proportion of various network security issues, reaching 28.5%.

On the other hand, " scan code " is the first gateway for login and is a moat for the security of enterprise and user information. According to the "2021 Data Breach Investigation Report" recently released by Verizon, the largest communications operator in the United States:

1. 3 data leakage involves people ;
2. 61% data leakage involves login credentials .

So, if login is inevitable, how can we beware of network traps and ensure information security?

first, download APP through regular channels. When downloading the APP, be sure to download it at the official website of the enterprise or the official APP Store of iOS and Android. If you accidentally go to a phishing website, various APPs that can be downloaded and automatically installed with one click will not only be able to delete the software "mastiff doll installation" or the rogue software after downloading, but also the pop-up windows cannot be removed, and the more web pages it clicks, resulting in overwhelming the computer, causing personal information to be stolen or using your social account to send some pornographic or fraudulent information.

Second, beware of free traps . " free Wifi, one-click Internet access " is spread all over the public places such as cafes, stations, shopping malls, etc. However, some criminals can easily obtain user's mobile device and address information by using analysis and penetration software or implanting viruses through Wifi.

So in public places, when the traffic is sufficient, try to minimize the frequency of Wifi use, and do not click on those Wifi links with unknown origins under the banner of free, especially beware of links that require detailed personal information, including private information such as phone number, bank card, home address, etc.

Third, various documents need to tear out sensitive information . Express delivery, tickets, takeaway orders and other documents contain sensitive information such as user name, phone number and even address, and many people often throw the orders at will. It is best to tear the documents and smear them before discarding them to prevent the information from being stolen by criminals.

Fourth, do a good job in permission management . After downloading the APP, many users will not carefully read the APP prompt information in order to experience the function as soon as possible, and "authorize to the end" with one click, such as cameras, photo albums, address books, location information, etc., allowing many APPs to obtain user information in one click and sell it to criminals for profit.

Therefore, users should not only download the APP from regular channels, but also manage the permissions of the APP.

Fifth, do a good job in information authentication .For some APPs with high security requirements, such as financial management, banking and other systems involving property, when is remotely located or when replacing the device , some additional authentication is required, such as ID card information, fingerprints, etc. APPs with higher security even require manual verification and review.

Multifactor Identity Authentication (MFA) is a very simple security practice method that can add another layer of protection beyond user name and password.

After enabling multi-factor authentication (MFA), when users operate, in addition to providing a user name and password (first authentication), they also need to perform a second authentication. The combination of multi-factor authentication will provide higher security protection for your account and resources.

MFA establishes a multi-level defense that makes it more difficult for unauthorized people to access computer systems or networks. MFA is verified by 2 or 3 independent credentials, which mainly contain the following three elements:

• What is known to : The content that the user has currently remembered, the most common ones such as user name and password;
• items : The identity authentication proof owned by the user, the most common ways are ID cards, U shield , magnetic cards, etc.;
• features : the user's own biological unique characteristics, such as the user's fingerprint, iris, etc.

MFA improves security, even if one credential is compromised, unauthorized users cannot meet the second authentication requirement and cannot access the target user's identity space, computing device, network, or database.

MFA validation mixes at least two separate factors. On the one hand, it is your username and password, that is, your information. On the other hand, it is your physical information, that is, your fingerprints, faces and other human characteristics, that is, who you are. Adaptive multi-factor identity authentication mainly includes the following authentication methods:

• Mobile Token
• SMS/email verification code
• compatible with third-party authentication
• ml10 Biometric
• applet authentication

In short, adding an extra layer of security to the account by implementing multi-factor authentication (MFA) has become the best security practice method to prevent personal data breaches.

About Authing

Authing Identity Cloud The first developer-centered full-scene identity cloud product in China, integrating all mainstream identity authentication protocols, providing enterprises and developers with complete and secure user authentication and access management services. It has helped 20,000+ enterprises and developers build a standardized user identity system, including Coca-Cola , Yuanqi Forest ... Customers have selected and implemented Authing solutions.

Authing is not only a supporter of customers, but also a product expert and strategic consultant of customers, but also a trustworthy partner. We provide a global team of identity experts support, 7*24 hours of uninterrupted support via the Internet or telephone.

Authing’s Help Center provides the latest technical knowledge base, business cases and opportunities to connect with your peers and Authing experts. Whenever you need us, Authing’s support team is always the fastest to respond.