A new phishing-as-a-service (PhaaS) platform named “Tycoon 2FA” is being used to bypass two-factor authentication. Phishing-as-a-service works just like SaaS: it is a tool that you can buy and use to phish people.
The attack is a multi-step process that usually starts after a user clicks on a malicious link, which takes them to a phishing webpage. First, the attacker, whose goal is to steal session cookies, intercepts the victim’s password input and relays it to the legitimate service (such as Microsoft or Google login). The user is then prompted for MFA. After they enter their 2FA code, the server in the middle captures the session cookies [1]. The threat actor can then replay the user’s session and gain access.
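On the defender's side, the replay step described above is the part that shows up in logs: one session cookie presented by two different clients. The following is an added example, not code from the original post; it assumes a hypothetical log with one line per authenticated request, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample, hypothetical format: time, user, session id, IP, user agent
SAMPLE_LOG = """\
2024-04-02T09:00:05Z alice sess-a1 198.51.100.7 Mozilla/5.0 (Windows NT 10.0) Edge
2024-04-02T09:00:40Z alice sess-a1 198.51.100.7 Mozilla/5.0 (Windows NT 10.0) Edge
2024-04-02T09:03:12Z alice sess-a1 203.0.113.50 Mozilla/5.0 (X11; Linux) Chrome
2024-04-02T09:10:00Z bob sess-b7 192.0.2.21 Mozilla/5.0 (Macintosh) Safari
2024-04-02T11:45:00Z bob sess-b7 192.0.2.21 Mozilla/5.0 (Macintosh) Safari
2024-04-02T09:20:00Z carol sess-c3 192.0.2.88 Mozilla/5.0 (Windows NT 10.0) Chrome
2024-04-02T18:30:00Z carol sess-c3 192.0.2.99 Mozilla/5.0 (Windows NT 10.0) Chrome
"""

def parse(log_text):
    """Return (time, user, session, ip, user_agent) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, user, sid, ip, ua = line.split(" ", 4)
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            events.append((when, user, sid, ip, ua))
    return sorted(events)

def find_replayed_sessions(log_text, window=timedelta(minutes=30)):
    """Flag a session cookie presented by a client other than its first one."""
    baseline = {}   # session id -> (ip, user agent) of the first client seen
    last_seen = {}  # session id -> last request time from the baseline IP
    alerts = []
    for when, user, sid, ip, ua in parse(log_text):
        if sid not in baseline:
            baseline[sid], last_seen[sid] = (ip, ua), when
            continue
        base_ip, base_ua = baseline[sid]
        if ip == base_ip:
            last_seen[sid] = when
            continue
        # A new IP alone can be benign roaming; alert only when the browser
        # also changed or both addresses were active within the window.
        new_browser = ua != base_ua
        overlapping = when - last_seen[sid] <= window
        if new_browser or overlapping:
            reason = "new browser" if new_browser else "concurrent use"
            alerts.append({"user": user, "session": sid, "ip": ip, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

Because the sign-in itself is relayed, the first client the service sees may be the relay server rather than the victim; the rule flags the cookie moving between clients whichever one came first. Treat an alert as a signal to investigate or to force re-authentication, not as proof of compromise.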
These phishing messages will most likely arrive by email, as links and attachments. To protect yourself from these kinds of attacks, stay vigilant. Here are some proactive steps you can take:
- Ask yourself whether or not the message was something you were expecting. Sometimes phishing campaigns come from the compromised accounts of people we know – so don’t assume that a message is safe just because it’s coming from a LinkedIn contact or Facebook friend.
- Check the sender’s email address/domain name. Does it look suspicious? Are there any spelling mistakes?
- Be cautious when downloading attachments, especially ones you aren’t expecting.
- If an email asks you to log in via a link, go to the website directly and do not click on the link.
Another option is to use Cloudflare VPN (it’s free!). A virtual private network (VPN) is an Internet security service that allows users to access the Internet as though they were connected to a private network. A VPN encrypts Internet communications and provides a strong degree of anonymity. Some of the most common reasons people use VPNs are to protect against snooping on public Wi-Fi, to circumvent Internet censorship, or to connect to a business’s internal network for the purpose of remote work.
Lastly, companies can also set up DNS filtering. DNS filtering is the process of using the Domain Name System to block malicious websites and filter out harmful or inappropriate content. This ensures that company data remains secure and allows companies to have control over what their employees can access on company-managed networks. DNS filtering is often part of a larger access control strategy.
[1] What is a Session Cookie?
A session cookie is a simple text file that a website installs on its visitor’s device for temporary use. It helps track real-time changes in a user’s activity while on a website, such as adding items while shopping on e-commerce websites. Most websites have session cookies enabled by default, as it helps the web pages load faster and makes navigation easy for the use