Received an email asking you to log in to your O365 account? Think again before clicking on that link! Security researchers have reported an uptick in credential stealing in the wild, with a twist. Got 2FA? That won't help, thanks to a piece of software called Evilginx that effectively bypasses 2FA by relaying your login, one-time code included, to the real site.

Brace yourself, here comes the twist. The attack goes even further by logging the user into the real website after they have typed their credentials into the fake look-alike site. Users who don't pay close attention will miss the sleight of hand being played on them. There are multiple ways to mitigate this risk, although phishing education is the key.

What Should Users Do?

  • Learn how to spot bad URLs
  • Report suspicious emails to the Help Desk or IT Security Team

What Should IT Do?

One effective technique is to use FIDO U2F authentication. This technique binds the user's login to the origin of the request: the browser records the site it is actually talking to, and the security key signs over that record, so only the real site can authenticate with the key. Because a look-alike site sits on a different domain, the authentication fails there even if the user was fooled into thinking it was real.
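As an added illustration (not code from the original post or from any FIDO library), here is a simplified model of that origin binding: the browser stamps the real origin into the signed client data, and the relying party rejects any assertion whose origin is not its own. The origin and device key are constructed placeholders, and an HMAC stands in for the security key's ECDSA signature so the example runs without dependencies.

```python
import hashlib
import hmac
import json
import secrets

# Constructed placeholders: a real authenticator signs with an ECDSA P-256 key
# and the site holds only the public key. The shared HMAC key is a stand-in.
DEVICE_KEY = b"constructed-device-key-for-demo"
REAL_ORIGIN = "https://login.example.com"  # placeholder for the genuine site


def browser_sign(page_origin: str, challenge: str) -> dict:
    """Model of the browser + security key during a login ceremony.

    The browser, not the page's JavaScript, writes the origin it is actually
    connected to into the client data, and the key signs over a hash of that
    client data. An assertion produced on a look-alike domain is therefore
    bound to that domain, even if the proxy relays it to the real site.
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        sort_keys=True,
    ).encode()
    digest = hashlib.sha256(client_data).digest()
    return {"client_data": client_data,
            "signature": hmac.new(DEVICE_KEY, digest, hashlib.sha256).digest()}


def relying_party_verify(response: dict, expected_challenge: str) -> bool:
    """Checks the real site performs on an assertion it receives."""
    client_data = json.loads(response["client_data"])
    # 1. The challenge must be the fresh one we issued (no replay of old logins).
    if client_data.get("challenge") != expected_challenge:
        return False
    # 2. Origin binding: the signed origin must be this site, not a look-alike.
    if client_data.get("origin") != REAL_ORIGIN:
        return False
    # 3. The signature must cover the exact bytes that carried the origin, so a
    #    proxy cannot rewrite the origin field after the fact.
    digest = hashlib.sha256(response["client_data"]).digest()
    expected = hmac.new(DEVICE_KEY, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response["signature"])


def login_succeeds(page_origin: str) -> bool:
    """Full round trip: the real site issues a challenge, the user authenticates
    on page_origin, and the assertion reaches the real site (as a proxy would relay it)."""
    challenge = secrets.token_urlsafe(16)
    return relying_party_verify(browser_sign(page_origin, challenge), challenge)
```

With a password plus one-time code the relayed login would succeed; here the same relay fails as soon as the page origin differs from the real site.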