- 59% have believed online content was genuine only to later discover it was an AI-generated fake
- Over a third (38%) rarely read beyond a headline before forming an opinion
- Almost a quarter (23%) have reshared a post without checking its accuracy
Tag: MFA
Which Businesses Need Cybersecurity the Most? A Sector-by-Sector Guide
Cyberattacks are no longer rare events – they’re an everyday threat, and the cost of each breach is climbing fast. In the UK alone, over 38% of small businesses reported being targeted by a cyberattack in the past year, with many facing significant financial and reputational damage. At Support Tree, we’ve seen firsthand how vulnerable organizations can be when cybersecurity isn’t a priority. In this article, we’ll explore which industries are most at risk, why they’re targeted, and what steps businesses can take to protect themselves.
Why Cybersecurity Matters for Every Business?
Cybercrime isn’t reserved for big corporations with vast databases and deep pockets. Small and medium-sized businesses (SMBs) are often prime targets because hackers know their defences are usually weaker, and a single breach can cause devastating consequences.
Criminals don’t discriminate by size; they look for opportunity. For many SMBs, that opportunity comes in the form of outdated software, untrained staff, or a lack of robust security measures. The result? Cyberattacks can halt operations, drain bank accounts, and damage hard-earned reputations.
Some of the most common threats include:
- Phishing – fraudulent emails or messages designed to trick employees into revealing passwords or payment details.
- Ransomware – malicious software that locks you out of your systems until a ransom is paid.
- Insider threats – intentional or accidental data leaks caused by staff or contractors.
- Data breaches – unauthorized access to sensitive customer, financial, or intellectual property data.
The truth is simple: in today’s digital landscape, every business is a potential target. Taking action before a threat materializes is not just smart — it’s essential for survival.
High-Risk Sectors for Cyberattacks
Some industries are targeted more aggressively than others because of the type of data they hold, the financial reward for criminals, or the potential disruption an attack can cause. While no sector is immune, understanding where the highest risks lie can help businesses prioritize their defences.
| Sector | Why They’re Targeted | Examples of Attacks | Compliance / Key Risks |
| --- | --- | --- | --- |
| Financial Services | Direct access to money and high-value personal data. | Data breaches at banks, fintech platform hacks, and insurance fraud cases. | PCI-DSS for payment security, FCA guidelines for financial conduct. |
| Healthcare | Patient data is highly valuable on the black market. | NHS ransomware incidents, private clinic data leaks. | Loss of patient trust, disruption to critical services. |
| E-Commerce & Retail | Payment card theft and account takeovers. | Online store breaches, fraudulent transactions. | Risks peak during major sales events like Black Friday. |
| Manufacturing & Supply Chains | Ransomware can halt production and operations. | Cyberattacks on suppliers causing production delays. | Industrial espionage, theft of trade secrets. |
| Professional Services | Store sensitive client and financial data. | Law firm data leaks, insider data theft. | Insider threat risk, professional reputation damage. |
Businesses operating in these sectors cannot afford to take cybersecurity lightly. The combination of high-value data, financial incentives for attackers, and regulatory pressure means prevention is far more cost-effective than recovery.
Overlooked but Vulnerable Sectors
When people think of cyberattacks, they often picture large corporations, banks, or hospitals. But some of the most vulnerable targets are in sectors that don’t make the headlines. These industries can be easier prey for cybercriminals because they often lack the same level of security resources as bigger players.
Here are a few examples where risk is high but awareness is low:
- Charities & Nonprofits
  - Why at risk: Often run on tight budgets with limited IT investment.
  - Typical threats: Phishing emails aimed at staff and volunteers, breaches of donor databases, and ransomware disrupting fundraising events.
  - Impact: Loss of donor trust, reputational harm, and reduced ability to operate.
- Education
  - Why at risk: Schools, colleges, and universities hold vast amounts of personal data on students, parents, and staff.
  - Typical threats: Ransomware shutting down systems, leaks of student records, and phishing attacks on staff.
  - Impact: Disruption to learning, safeguarding concerns, and compliance breaches.
- Hospitality
  - Why at risk: Booking platforms and payment systems store valuable customer and financial data.
  - Typical threats: Point-of-sale (POS) system hacks, booking system breaches, and card data theft.
  - Impact: Loss of customer confidence, direct financial loss, and damage to brand reputation.
- Local Government
  - Why at risk: Councils and local authorities manage critical public services and store sensitive citizen records.
  - Typical threats: Ransomware attacks causing service shutdowns, breaches of public databases, and phishing targeting officials.
  - Impact: Public service disruption, political fallout, and exposure of personal data.
The common thread across these sectors is the assumption of low risk, a dangerous mindset that makes them attractive to attackers. Even with smaller budgets, implementing basic cybersecurity measures can dramatically reduce exposure.
Consequences of Poor Cybersecurity
Failing to protect your systems and data can have far-reaching effects, often more damaging than the initial attack itself. Understanding these consequences is the first step in appreciating why prevention must be a business priority.
- Financial Loss
  - Direct costs: ransom payments, fraud, stolen funds.
  - Indirect costs: legal fees, system recovery, and hiring specialists to repair the damage.
  - Example: A ransomware demand might be £50,000, but the true recovery bill can run into the hundreds of thousands once lost revenue is considered.
- Legal Penalties
  - Non-compliance with regulations like GDPR, PCI-DSS, or sector-specific rules can lead to hefty fines.
  - Example: Data breaches involving personal information can result in penalties up to 4% of annual global turnover under GDPR.
- Reputational Damage
  - Customers lose trust when their data is compromised.
  - Negative media coverage can harm a brand’s image for years.
  - Example: Studies show that up to 60% of small businesses close within six months of a major breach due to lost customer confidence.
- Operational Downtime
  - Cyberattacks can bring daily operations to a standstill.
  - Example: Manufacturing firms hit by ransomware have had to halt production for days or even weeks, leading to missed orders and broken contracts.
The reality is that the cost of prevention is far lower than the cost of recovery. Every business, regardless of size or sector, should view cybersecurity as a fundamental part of its risk management strategy.
Essential Cybersecurity Measures for All Businesses
No matter the size or industry, every organization can take practical steps to strengthen its defences. These measures don’t require a massive budget, but they do require consistency and commitment.
- Implement Strong Password Policies
  - Require complex, unique passwords for all accounts.
  - Enforce regular password changes and ban password reuse.
- Use Multi-Factor Authentication (MFA)
  - Add an extra layer of security to logins, even if passwords are stolen.
  - Prioritize MFA for email, banking, and administrative systems.
- Regularly Back Up Data
  - Store backups securely, offline or in a protected cloud environment.
  - Test backups periodically to ensure they can be restored quickly.
- Train Employees on Cybersecurity Awareness
  - Provide regular training on spotting phishing emails, social engineering tactics, and safe internet use.
  - Encourage a “stop and check” culture before clicking links or opening attachments.
- Secure Endpoints and Networks
  - Use antivirus, anti-malware, and firewalls on all devices.
  - Keep all software and systems updated with the latest security patches.
- Control Access to Sensitive Data
  - Restrict permissions so employees only access what they need.
  - Monitor and review access rights regularly.
- Consider Cyber Insurance
  - Provides a financial safety net in case of a breach.
  - May also include access to rapid incident response services.
Cybersecurity is not a one-time project but an ongoing process. By embedding these practices into daily operations, businesses can significantly reduce the likelihood of becoming a target and be better prepared to respond if an attack does occur.
Cybersecurity is no longer an optional extra – it’s a core part of doing business in the digital age. Whether you’re running a financial institution, a local charity, or a growing e-commerce store, the risks are real, and the consequences of inaction can be devastating.
The good news is that you don’t have to tackle these challenges alone. At Support Tree, we help businesses of all sizes assess their vulnerabilities, strengthen their defences, and respond effectively to incidents. The earlier you act, the more control you have over your security and your future.
Don’t wait for a cyberattack to force your hand. Start by reviewing your current protections today, train your team, and put robust safeguards in place. Your customers, your reputation, and your bottom line depend on it.
Four in ten Irish businesses have suffered a cyber-attack in the last five years
Four in ten (40%) Irish businesses have suffered at least one cyber-attack in the last five years, with companies facing financial loss as a result.
Research from insurance broker and risk management company Gallagher in Ireland has revealed that more than one in eight (88%) Irish businesses have suffered financial loss and commercial disruption due to a cyber-attack in the last five years.
Gallagher commissioned a survey of 300 business decision makers across the UK & Ireland, 100 of whom are based in Ireland.
Businesses that have experienced a cyber-attack in the last five years reported additional consequences as a result including:
- the loss of intellectual property (26%)
- supply chain disruption (23%)
- reputational damage (23%)
- ransom payment demands (20%)
Laura Vickers, Director, Gallagher in Ireland spoke of the findings,
“Given what we can see from the widespread impact of cybercrime, it is unsurprising that almost every Irish business leader we asked (93pc) said they are concerned about the rise in cyber-crime and the potential impact it could have on their company”.
The Top 3 in Corporate Cybercrime
- Cyber extortion, whereby cyber criminals threaten to harm a business or steal sensitive information unless a sum of money is paid, was the most common type of attack carried out on Irish businesses, with 37% saying they had been targeted.
- Phishing attacks, where individuals are tricked into following a malicious link or downloading an infected email attachment, were the second most common attack, with 31% suffering this type of incident in the last five years.
- “Man-in-the-Middle (MiTM) attacks”, where the perpetrator intercepts and alters communication between two parties without their knowledge, came third: 23% of business leaders said their organisation had fallen foul of this.
In Ireland the Gallagher report reveals that large businesses, those with annual turnover exceeding £10m, have been particularly vulnerable, with 57% experiencing cyber-attacks during this period. Mid-sized companies also show substantial exposure, with 39% reporting attacks. Comparatively, smaller businesses have been less frequently targeted, with only 9% experiencing attacks.
Prepare and Respond
Despite the increasing risk of cyber-attacks, 90% of Irish business leaders express confidence in their ability to recover quickly. This optimism may stem from the fact that 94% of businesses have a cyber insurance policy, with 89% confirming their coverage includes risk management, including vulnerability scans and threat monitoring, to mitigate potential threats.
However, the Gallagher survey also highlights areas of concern within Irish business:
- Just 39% of companies provide cybersecurity training for staff, leaving many employees susceptible to phishing and malware attacks.
- Only 41% conduct regular system vulnerability scans, increasing the risk of undetected weaknesses being exploited by cybercriminals.
- Less than half (48%) have multifactor authentication (MFA) in place for remote workers, potentially exposing their systems to unauthorized access.
- Only 42% of business decision-makers are aware that reporting a cyber-attack to the National Cyber Security Centre (NCSC) is a legal requirement. Failure to comply could result in fines of up to €10 million or 2% of global turnover.
Ms. Vickers went on to comment,
“While it’s encouraging to see businesses investing in cyber insurance and risk management, security measures must go beyond just financial protection. Many businesses are still vulnerable due to gaps in employee training, system monitoring, and access controls. Cyber threats are evolving rapidly, and companies that fail to strengthen their security posture risk serious financial and reputational damage.
Equally concerning is the lack of awareness around reporting obligations. Failure to report an attack could lead to significant fines, compounding the financial losses from a breach. Businesses must take a proactive approach, not just in purchasing insurance, but in implementing robust cybersecurity practices and ensuring compliance with legal requirements.”
What is MFA Fatigue? Stay Safe and Protect Accounts
Multi-factor authentication (MFA), or two-factor authentication, can be the cure for data breaches. Even if passwords leak, accounts remain unharmed as long as perpetrators do not know the secret codes that unlock them. However, attackers look for a way around any security technique thrown at them, and MFA fatigue is one way they try to beat MFA.
An MFA fatigue attack is one of the current methods: the attacker spams the MFA system with authentication prompts until access is granted. Companies and individuals who use multi-factor authentication need to take the necessary steps to counter this approach.
Today we’ll introduce MFA fatigue attacks and advise you on protecting yourself from them.
MFA fatigue attacks explained
MFA fatigue, also called MFA bombing or MFA push spam, is an attempt to get past the MFA system and into user accounts on online services such as websites and apps. Most attacks on MFA revolve around social engineering, man-in-the-middle, or hijacking, but this one is a brute force attack.
Attackers start with guessed, leaked, or stolen login credentials, for example from credential stuffing. Each login with those credentials makes the MFA system issue a one-time password or an identity verification request, which lets the attacker bombard both the account owner and the MFA system. The system is flooded with thousands of prompts until access is granted.
How it works
Even though this attack might seem like a poor attempt, it can be very effective as more and more services use multi-factor authentication. Most MFA techniques have become routine and contain generic information.
Many users get annoyed and drained by having to verify their identity daily. MFA fatigue attacks exploit this, hoping account owners will make a costly mistake. Even a user who recognizes the fraudulent login prompt may approve it just to make the endless notifications stop. The threat has been reported and appears to be as realistic as other well-known attacks.
This kind of pressure is psychological, and most mobile users will likely give up as they can’t take the endless push notifications. It is especially effective because users have their smartphones available 24/7, so hackers have constant access to the victim.
How attacks manifest
Hackers first acquire basic login credentials to an account, for example an email address or another online account. Cybercriminals use various methods to steal credentials, and they try passwords leaked in previous attacks against all of a single user's accounts.
They often use phishing attacks to trick people into giving them information voluntarily. Sometimes, they employ thousands of random password combinations until they find the winning combination. Once they’ve gone through the first step, they launch an MFA fatigue attack to spam authentication prompts in hopes of someone making a mistake or succumbing to pressure.
However, the attack succeeds only if they can get account owners to confirm their identity. Still, these attacks are automated and can be scaled quickly, so attackers target dozens of people simultaneously and play the numbers game.
Protecting data and accounts against MFA fatigue attacks
Even though MFA attacks can be tricky, you can reinforce your security against them in several ways. Here’s what you and your employees need to do.
Reduce the number of required logins
The more multi-factor authentication requests users must go through, the more likely they will permit an attack without even noticing it. To ensure your employees are on their toes, reduce the number of required logins or consider switching to a solution requiring a single sign-in. On the other hand, you can also use a federated identity system or passwordless authentication.
Provide cybersecurity training
One of the most effective ways to stop MFA fatigue attacks is to educate employees on recognizing and responding to them. Most people recognize when things are wrong, especially when there are so many authentication attempts.
However, people are often tired or unfocused and do something they usually wouldn’t. Educate employees to recognize these attacks and teach them how to mute requests, so they don’t get hundreds of push notifications.
Include resilient authentication
MFA fatigue attacks focus on key weaknesses multi-factor security systems have. To combat these attacks effectively, you can add a time limit between two prompts, which means the attacker can’t spam dozens of prompts in minutes.
On the other hand, it’s also a good idea to limit the number of login attempts. For example, if you limit it to three attempts, all prompts after the third attempt will be blocked.
It’s also possible to replace the universal confirmation signals with notifications specific to that login attempt. Some providers already use matching numbers where users get a number on their screens and must enter it in the authenticator.
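The three controls described in this section (a minimum gap between prompts, a cap of three prompts, and number matching) can be combined in the server-side logic that decides whether a push is sent. The following Python is an added example, not code from the original post or from any MFA provider; the class and function names, the 60-second cooldown, the 15-minute counting window and the 120-second challenge lifetime are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

MIN_INTERVAL_S = 60    # assumed cooldown between two prompts for one user
MAX_PROMPTS = 3        # prompts allowed per window (the "three attempts" above)
WINDOW_S = 15 * 60     # assumed window over which unanswered prompts count
PROMPT_TTL_S = 120     # assumed lifetime of one number-matching challenge


@dataclass
class UserState:
    sent: list = field(default_factory=list)  # timestamps of prompts sent
    number: Optional[str] = None              # number shown on the login screen
    issued_at: float = 0.0


class PushPromptGate:
    """Hypothetical gate placed in front of the push-notification sender."""

    def __init__(self):
        self.users = {}
        self.alerts = []  # (user, timestamp, reason) records for monitoring

    def request_prompt(self, user, now):
        """Return (decision, number); number is None unless a prompt is sent."""
        st = self.users.setdefault(user, UserState())
        st.sent = [t for t in st.sent if now - t < WINDOW_S]
        if len(st.sent) >= MAX_PROMPTS:
            self.alerts.append((user, now, "prompt_limit"))
            return "blocked_limit", None
        if st.sent and now - st.sent[-1] < MIN_INTERVAL_S:
            return "blocked_cooldown", None
        st.sent.append(now)
        # Two-digit number displayed only to whoever is at the login screen.
        st.number = f"{secrets.randbelow(90) + 10}"
        st.issued_at = now
        return "sent", st.number

    def answer_prompt(self, user, entered, now):
        """Check the number typed into the authenticator; one try per prompt."""
        st = self.users.get(user)
        if st is None or st.number is None:
            return "no_pending_prompt"
        expected, st.number = st.number, None  # challenge is single use
        if now - st.issued_at > PROMPT_TTL_S:
            return "expired"
        if not hmac.compare_digest(expected.encode(), str(entered).encode()):
            self.alerts.append((user, now, "wrong_number"))
            return "denied"
        st.sent.clear()  # a legitimate login resets the prompt counter
        return "approved"


def simulate_flood(gate, user, start, count, gap_s):
    """Constructed scenario: `count` login attempts spaced `gap_s` seconds apart."""
    return [gate.request_prompt(user, start + i * gap_s)[0] for i in range(count)]
```

Because a prompt is only requested after the password check has passed, every `prompt_limit` alert also indicates that the user's password is known to someone else and should be reset.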
Use other appropriate security tools
Data breaches or smaller data leaks can happen due to various dangers. For instance, you might stumble upon a fake website imitating a legitimate service. Unknowingly, you browse its content and might even provide your login credentials to its phony login page. Therefore, it is best to double-check whether the website you visit is legitimate.
Unsafe HTTP websites could make it easy for hackers to capture specific user details. Thus, one option is to download VPN apps that encrypt your traffic. Then, your data will remain more secure even if you visit an HTTP website. A Virtual Private Network does so by scrambling data with practically unbreakable protocols. Furthermore, traffic will get rerouted through remote servers to avoid exposing your approximate location.
Conclusion
Hope this post has helped you understand MFA fatigue attacks and how they work. Implement the proper security protocols as soon as possible and avoid potential disasters. Cybersecurity is more critical than ever, especially for companies.
MFA vs. SSO: How Do They Compare?
Multi-factor authentication and single sign-on are important parts of identity and access management.
They’re also something every business should understand right now because they prevent many of the main cybersecurity vulnerabilities that come with remote and hybrid work environments.
Rather than looking at them as competing elements of a cybersecurity plan, you should instead consider them two things that work together.
The general concept underlying both MFA and SSO is that a password and user ID combination are no longer adequate to protect sensitive data and information.
Below are details about both.
What is Multi-Factor Authentication?
Multi-factor authentication or MFA uses different factors to verify someone’s identity and then ultimately grant access to systems, data, and software.
Most MFA systems will use at least two factors to authenticate users and devices.
The first is typically characterized as “what you know.” What you know might include recovery questions or a password.
Another potential category is what you have, which can include a one-time password or a token.
A third factor is who you are, meaning a biometric factor like a fingerprint. The fourth possible factor is what you do or where you’re at. This category can include location-based authentication or keystroke biometrics, which assess how you type.
The advantage of MFA is the security.
Other benefits of MFA, along with the additional security layer, include that it’s easy to implement, and your employees and customers feel like they’re being protected. Ultimately, you can lower your operating costs because you’re spending less on cybersecurity problems, and it can reduce the burden on your IT team.
The biggest issue with MFA is that it can be cumbersome to manage, which is why a good MFA solution can keep your employees productive and make things easier for them without sacrificing security.
What Is Single Sign-On?
Single sign-on is, in some ways, a more straightforward concept than MFA. Single sign-on refers to scenarios where a user has a master sign-on to authenticate themselves before they start working. If they need to log into another tool to do their work, the SSO solution will log them in.
The credentials to log into all needed platforms are stored by the SSO solution.
Benefits of single sign-on include:
- With the move to the cloud, employees are increasingly using apps for work, and each of those can otherwise require a different password or username. This is burdensome and leads to serious cybersecurity vulnerabilities stemming from password fatigue. Signing on once can improve employee productivity and save everyone time.
- SSO can save on IT costs because there’s less being spent on password resets and troubleshooting. It’s optimal if SSO is part of a centralized access management system that uses a central directory for the provisioning and de-provisioning of users. You can relatively easily define policies based on location, user role and other traits.
- The use of SSO can prevent shadow IT. Shadow IT refers to unauthorized workplace downloads. With cloud downloads so prevalent, the risk of shadow IT continues to grow. SSO can help employers monitor the apps employees use, reducing the risk of shadow IT.
- Having SSO in place can encourage employees to use available technology tools. If you invest in new technology and employees aren’t willing to use it, it’s a wasted investment. You want any technology investments to make your employees’ lives easier rather than harder, and SSO can help with that.
Comparing MFA and SSO
SSO focuses on users getting access to all needed resources with one authentication. Multi-factor authentication is about stronger verification of identities. One doesn’t eliminate the need for the other. They do different things and should ideally be used together.
When using both MFA and SSO, benefits include enhanced security and convenience. You’re simultaneously taking the burden off employees to remember so many passwords, and you’re also reducing a potential surface area for a cyber-attack.
MFA can serve as a backup for SSO because it adds additional layers of authentication. Both can work to increase employee productivity. Workers aren’t spending all their time concerned with password and log-in issues.
MFA and SSO can both fit into the larger concept of identity and access management (IAM), which focuses on making sure the right people in your organization have access to the right resources at the proper time across increasingly diversified technical systems.
Understanding identity and access management should be one of your top priorities for the upcoming new year, along with general cybersecurity in a modern, cloud-driven environment.
