In some cases, the multi-factor response is a code sent by SMS text message to your phone, which you then enter into the website.
Imagine if a cyber-criminal could intercept your SMS messages and thereby gain access to your accounts. Turns out they might be able to. If they can call your cell provider and cook up a story, they might be able to get the provider to send your texts to them. I guess you’d notice if you stopped getting text messages yourself.
Using a story like this on the cell provider is called social engineering. They use whatever hooks they can to trick the provider into thinking that the person calling them is you, not a crook. Sometimes those strange social media polls (like who was your favourite teacher at school, or the name of your first pet) are designed simply to gather information on you so they can guess the answers to your ‘secret’ questions with people like the social providers.
That’s the first thing you can do – stop answering those strange polls. Another technique we saw was to set up the ‘secret questions’ with different answers. Rather than name your favourite teacher, name the school.
So what’s the answer?
Most importantly, wherever possible, use a phone app for MFA, not a text message.