Whatever form it is presented in, the most important phishing guidance always stays the same:
- Check every email that contains an embedded link thoroughly before acting on it
- Inspect every URL sent to you by email, tweet or message before following the embedded link
- Do not click on URLs from unknown senders
- Inspect the URL in the address bar before entering your login credentials on a page
- Use multi-factor authentication (MFA) for all sensitive accounts, and prefer phishing-resistant methods such as FIDO2 security keys where they are offered, since one-time codes can be relayed by an attacker (see below)
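"Inspect the URL in the address bar" is easy to say and easy to get wrong, because phishing links are built to look right at a glance. The helper below is an added example (not code from the original article) that applies the checks a practitioner actually makes on a login URL: HTTPS only, no text before an '@' (which pushes the real host out of sight), no raw IP or punycode host, and a label-aligned match against a short allowlist so that "accounts.google.com.evil.example" is not mistaken for Google. The allowlist and the test URLs are constructed for this example.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Constructed allowlist for this example: the sites the user intends to sign in to.
# Subdomains of these are accepted; anything else is rejected.
TRUSTED_DOMAINS = ("accounts.google.com", "linkedin.com")


def _under_domain(host: str, trusted: str) -> bool:
    """True if host is trusted or a subdomain of it, aligned on a dot boundary
    (so 'notlinkedin.com' does not match 'linkedin.com')."""
    return host == trusted or host.endswith("." + trusted)


def check_login_url(url: str, trusted=TRUSTED_DOMAINS) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only when the URL is HTTPS and its host
    is one of the trusted domains or a subdomain, with no lookalike tricks."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, not https"
    # 'https://accounts.google.com@evil.example/' parses the trusted name as
    # userinfo; the browser actually connects to evil.example.
    if parts.username is not None or parts.password is not None:
        return False, "URL carries userinfo (text before '@'), a classic disguise"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in URL"
    if host.replace(".", "").isdigit() or ":" in host:
        return False, f"host is a raw IP literal: {host}"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"host uses non-ASCII or punycode (possible homoglyph domain): {host}"
    for t in trusted:
        if _under_domain(host, t):
            return True, f"host {host} is under trusted domain {t}"
    # The trusted name appearing *inside* the host is the common trick:
    # accounts.google.com.evil.example or google.com-login.example
    for t in trusted:
        if t in host:
            return False, f"host {host} merely contains {t}; the real domain is different"
    return False, f"host {host} is not a trusted domain"


if __name__ == "__main__":
    for u in ("https://accounts.google.com/signin",
              "https://accounts.google.com@evil.example/signin",
              "https://accounts.google.com.evil.example/signin"):
        print(u, "->", check_login_url(u))
```

The check deliberately refuses to guess: a URL it cannot place under a trusted domain is rejected, which is the same posture the guidance asks of a person. It does not consult the Public Suffix List, so treat the allowlist as the exact hosts you expect to type credentials into.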
But why is it so important to follow this guidance?
Why it’s important for you to follow phishing guidance actively
As Google and other Internet companies continue to beef up their security, cybercriminals are shifting to novel phishing techniques. For instance, last month we looked at an attack that phished the customer experience team at Electronic Arts (EA) to gain access to more than 50 high-profile FIFA 22 player accounts protected by two-factor authentication (2FA).
This week, Lawrence Abrams of BleepingComputer reported another phishing technique that bypasses two-factor authentication. Using it, criminals get into your 2FA-protected accounts by tricking you into logging in through their server. Once you fall for it, the criminals gain full access to your account: by entering your one-time passcode (OTP) on their server, you complete the login for them, and it is their machine, not yours, that ends up with the authenticated session.
Following the basic phishing guidance above prevents you from falling prey to this trick.
Other Phishing methods
This newly identified technique adds to the existing methods for bypassing 2FA: real-time phishing, SIM swapping (also called SIM jacking) and man-in-the-middle attacks. Last month, researchers found more than 1,200 such phishing toolkits deployed in the wild. According to the report, these kits steal both the login credentials and the 2FA code, and some let criminals abuse the hijacked account quietly for a long time without the victim's knowledge.
Changing your passwords regularly limits how long a stolen password stays useful, but it does not stop a real-time kit that relays your password and OTP to the real site the moment you type them. Against those, the phishing guidance above is the defence.
Services such as Google and LinkedIn have also put processes in place to detect man-in-the-middle logins and block the malicious login attempts described above.
But this new method bypasses those protections too. The threat actor uses noVNC, a VNC client that runs inside a web browser, to build the phishing setup and generate phishing links. The link is then sent to targets by the usual routes, such as email and messages. What the victim sees inside their own browser is a remote desktop session showing a browser that is actually running on the attacker's server, and every keystroke goes to that remote browser.
If a person falls for the lure, clicks the link and tries to log in, the login happens in the attacker's browser on the attacker's server. Once the user logs in, the criminal can read the credentials and session tokens from that browser, and because the login, the 2FA prompt included, was completed on the attacker's machine, it is the attacker's device that is authorized for future use, bypassing the two-factor authentication you had put in place. Client-side checks that compare a page's origin against the real one do not fire here, because the real site is genuinely loaded in the attacker's browser; the one thing the victim can still verify is the URL in their own address bar, which points at the attacker's server.
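To make the mechanics behind both descriptions above concrete (the relay kits that steal the credentials and the 2FA code, and the login completed on the attacker's server), here is an added simulation. It is not code from the article, from BleepingComputer or from any real kit: a constructed service that requires a password plus a TOTP code, and a constructed phishing server that forwards whatever the victim types to it. The TOTP routine, the user "alice", her password, the secret and the timestamp are all made up for the example. The point it shows is that a single-use code, consumed correctly by the real service, hands the session to whoever submitted it.

```python
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, included so the example runs offline."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class RealService:
    """Constructed stand-in for the genuine site: password + TOTP, single-use codes."""

    def __init__(self):
        self.users = {}        # username -> (password, totp_secret)
        self.sessions = {}     # session cookie -> username
        self.used_codes = set()  # (username, code) already consumed

    def register(self, user: str, password: str) -> bytes:
        secret = secrets.token_bytes(20)
        self.users[user] = (password, secret)
        return secret  # the user enrols this secret in their authenticator app

    def login(self, user: str, password: str, otp: str, now: int):
        pw, secret = self.users[user]
        if password != pw or otp != totp(secret, now) or (user, otp) in self.used_codes:
            return None
        self.used_codes.add((user, otp))
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user  # whoever made this call now holds the session
        return cookie

    def read_mail(self, cookie: str):
        return f"inbox of {self.sessions[cookie]}" if cookie in self.sessions else None


class PhishingRelay:
    """Attacker's server: looks like the login page, but relays each submission
    to the real service immediately. The session the real service issues lands here."""

    def __init__(self, real: RealService):
        self.real = real
        self.captured = []  # (user, password, otp, cookie)

    def fake_login_page(self, user: str, password: str, otp: str, now: int) -> str:
        cookie = self.real.login(user, password, otp, now)
        self.captured.append((user, password, otp, cookie))
        return "Signed in."  # the victim sees success and is typically bounced to the real site


def run_scenario(now: int = 1_700_000_000) -> dict:
    service = RealService()
    secret = service.register("alice", "correct horse battery staple")  # constructed user
    relay = PhishingRelay(service)

    # The victim types her real password and the *valid* code from her app
    # into the phishing page, exactly as the article describes.
    victim_code = totp(secret, now)
    relay.fake_login_page("alice", "correct horse battery staple", victim_code, now)
    _, _, _, stolen_cookie = relay.captured[0]

    # The code was single-use, so replaying it later fails ...
    replay = service.login("alice", "correct horse battery staple", victim_code, now)
    # ... but the attacker does not need it: the session cookie was issued to the relay.
    return {
        "attacker_reads": service.read_mail(stolen_cookie),
        "replay_works": replay is not None,
    }


if __name__ == "__main__":
    print(run_scenario())
```

This models the relay kits; in the noVNC variant the attacker's own browser does the submitting, so there is not even a relay to detect on the server side. The outcome is the same either way: the session is issued to the attacker's machine, and nothing about the OTP being correct, fresh or single-use changes that.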
In conclusion
If you fall prey to such an attack, the threat actors can access your account and read your emails whenever they want. It is therefore necessary to follow the basic phishing guidance above even when you are using two-factor authentication.
Similarly, you need to ensure that your team follows the phishing guidance diligently. Whether they are using office computers, mobile devices or working remotely, everyone needs to look out for phishing attempts. You can achieve this by training your workers to recognise phishing and by running phishing tests regularly.