Articles tagged "Okta"

Found 3 articles

As organizations increasingly rely on Okta for identity management, misconfigurations can unintentionally compromise security. Nudge Security has identified six specific settings in Okta that many teams overlook, which can lead to vulnerabilities in their SaaS environments. These settings, if not properly configured, could weaken overall identity security and increase the risk of unauthorized access. The article emphasizes the importance of regularly reviewing and adjusting these settings so that security measures keep pace with evolving threats. For businesses that use Okta, addressing these overlooked configurations is crucial to safeguarding user identities and sensitive data.

Impact: Okta identity management platform
Remediation: Regularly review and adjust Okta security settings as suggested by Nudge Security.

Okta has reported a new type of vishing attack where scammers impersonate IT support teams to steal user credentials. These attackers create fake login pages in real time using phishing kits, which makes it challenging for victims to detect the fraud. This method allows them to bypass multi-factor authentication (MFA), a security measure that many organizations use to protect sensitive information. Users who fall for this trick may unknowingly provide their login details, putting their accounts and sensitive data at risk. Companies should remain vigilant and educate employees about these tactics to prevent successful attacks.

Impact: Okta users, organizations relying on MFA
Remediation: Educate users on recognizing phishing attempts, implement additional security measures, and monitor for suspicious login activity.

Okta has issued a warning about a new wave of attacks targeting its Single Sign-On (SSO) accounts through voice phishing, or vishing. Attackers are using custom phishing kits designed specifically for these social engineering tactics to trick users into revealing their Okta SSO credentials. These attacks affect organizations that rely on Okta for secure login processes, potentially exposing sensitive data if attackers gain access. As the attacks are currently active, users are urged to remain vigilant and verify any requests for sensitive information they receive via phone. This situation emphasizes the need for enhanced security measures and user education on recognizing vishing attempts.

Impact: Okta SSO accounts
Remediation: Users should verify requests for sensitive information and consider enabling multi-factor authentication (MFA) for added protection.