New Phishing Scams Are Getting Smarter

A recent article from Cybersecurity News explains how hackers are using a new phishing kit-as-a-service to steal login information from users of popular platforms like Google, Microsoft, and Okta. These tools are sold to criminals, making it easier for almost anyone to launch advanced phishing attacks.

What makes this scam more dangerous than older phishing emails is that it works in real time. When a victim enters their username and password on a fake login page, the information is instantly sent to the attacker. The fake page can even change to match multi-factor authentication (MFA) prompts, making the scam look legitimate.

Attackers often combine this with fake phone calls, pretending to be IT support and convincing users to approve login requests. This can trick people into giving attackers access to their accounts, even if MFA is enabled.

To stay safe, organizations should use stronger MFA options like passkeys, train users to be cautious of unexpected login requests, and remind people to never trust unsolicited support calls.

What steps do you personally take to verify that a login request or support message is legitimate? Personally, unless I am the one initiating the call to customer support through a verified phone number, I would not feel comfortable following instructions in a situation such as the one posed above. 

Article: New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users

Comments

Post a Comment

Popular posts from this blog

I will be discussing what I believe is a useful resource for anyone looking to further their education and skills in cybersecurity. The resource I am referencing is https://www.sans.org/   the official website of the SANS Institute . Who are they? SANS is an acronym for SysAdmin, Audit, Network, and Security . It is a United States–based organization that specializes in cybersecurity education. SANS is widely known for providing high-quality training programs and industry-recognized certifications. What do they offer? SANS offers a wide variety of professional training courses and certifications covering many areas of cybersecurity. In addition to paid content, they also provide an extensive collection of free resources that can benefit anyone interested in information technology and security. Some of these free resources include: Podcasts Webinars Blogs Newsletters While exploring these resources, I listened to one of their podcasts from the OUCH! Podcast series titled “The Hidd...
Read more
  TryHackMe is a website that offers hands-on labs for learning different cybersecurity topics. The platform is organized into “rooms,” with each room focusing on areas like Linux, networking, or web security. Each room includes explanations along with tasks you complete as you go. One thing I liked about TryHackMe is how simple it is to get started. After creating a free account and answering a few basic questions, it immediately places you into a recommended learning path, which makes it easy to start without having to decide where to begin. The site is easy to use, and everything runs directly in the browser, so there isn’t much setup involved. The tasks feel very realistic since you’re often working in a terminal and entering commands, rather than just clicking through questions. The rooms explain what you’re doing as you work through them, and there are questions throughout to check your understanding. Overall, the experience feels very similar to our online labs, just orga...
Read more
  I came across Cyberseek while researching our Cybersecurity Roles assignment and thought it was a great resource. The website breaks down roles in a simple, visual way. It shows how you can start in more basic IT roles and work your way into cybersecurity jobs over time. It also has interactive tools, like a map that shows where cybersecurity jobs are in demand and a career pathway tool that helps you see what steps to take next. The website is based on real job data, not just general advice. It shows what employers are actually looking for, including skills, certifications, and experience. This information shows you what skills are in high demand, which allows you formulate a plan of attack to get the role you want. It also helps put things into perspective by showing how many cybersecurity jobs are open, which really highlights how big and growing the field is. CyberSeek acts like a roadmap, helping you connect the dots between learning skills, gaining experience, and event...
Read more