Priya Patel
TLDR:
- Phishing scams are used to trick individuals into giving away important details like login credentials.
- SSO-based phishing attacks are targeting users to share their login credentials.
Cybersecurity researchers at Lookout have discovered a new SSO-based phishing attack that targets users to share their login credentials. The phishing kit found by Lookout targets crypto and the Federal Communications Commission (FCC) on mobiles by tricking victims with email, SMS, and voice phishing. The attack primarily affects victims in the United States and targets platforms like Binance, Coinbase, Gemini, Kraken, and more.
The phishing kit spotted by Lookout resembles Scattered Spider’s pattern noted by CISA and uses a domain like “fcc-okta[.]com” to create a fake FCC SSO page. The kit delays victims with a captcha and adapts to modern security with multi-factor authentication awareness. The attackers use redirects based on MFA request types like authenticator app or SMS to steal login credentials.
The phishing kit investigation unveiled that Binance and Coinbase employees were targeted, with Coinbase being the most targeted. Lookout researchers gained access to backend logs and noted high-quality stolen credentials. The attackers are described as American and skilled at targeting mobile devices, mainly iOS and Android in the US.
Victims of SSO-based phishing attacks can suffer from malware like Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. It is important to have malware protection like Perimeter81 to prevent such attacks and protect your network.
