Watching for scams: multi-factor authentication is for your eyes only

It seems like every day we hear about a new scam that has taken money from some unsuspecting victim’s account. 

As you may have heard recently, there have been some attacks on superannuation funds, and though you may not have noticed any unusual activity on your accounts or through your social media, it is wise to stay extra vigilant at this time.

Some people think that because they have MFA (Multi-Factor Authentication) they are safe, but that is not always the case.

It is certainly an extra protection, but as the scammers become more desperate and cleverer, they look at circumventing the extra protection you have.

First they need your username and password. 

These details are not necessarily easy to obtain, but it is possible. The most popular method is the reuse of credentials that were used on websites that have previously been breached and that have been widely circulated.

This technique is known as Credential Stuffing. The whole reason that MFA exists in the first place is to defend against compromised usernames and passwords.

Then, they need to obtain your MFA, which again is not impossible, as you can see in the following text exchange with “Nancy”, the criminal trying to get your details.

Once “Nancy” has been able to get your MFA detail and has gone into your account, she is able to impersonate you on your account.

As far as the XYZ Bank mobile app or the XYZ Bank website is concerned, the criminal is now you and can do everything that you could do going forward.

Lesson – The organisation that allows or enforces MFA should never request you to supply them with your MFA. The MFA is for you only and tied to one specific device (if using an authenticator app) that should be in your possession.
