Increasingly sophisticated voice phishing kits that imitate identity providers' authentication flows and let operators track their illicit operations in real time have been gaining traction among cybercriminals, according to The Register.

Attacks commence with the scouring of corporate websites, employee LinkedIn pages, and other public sources, followed by the use of the phishing kit to craft a convincing login website, a report from Okta Threat Intelligence revealed. Threat actors using a spoofed corporate phone number or support hotline then lure targets into entering their usernames and passwords into the phishing page, which is updated in real time to show a multi-factor authentication challenge, a push notification, or a one-time password for maximum believability.

"If presented a push notification (type of MFA challenge), for example, an attacker can verbally tell the user to expect a push notification, and select an option from their [command-and-control] panel that directs their target's browser to a new page that displays a message implying that a push message has been sent, lending plausibility to what would ordinarily be a suspicious request for the user to accept a challenge the user didn't initiate," said the report.




