New Phishing Method Discovered

Phishing is a harmful tactic that cyber attackers use to obtain sensitive information such as credit card numbers, usernames, and passwords. The attackers pose as reputable entities to trick victims into trusting them and disclosing their personal information. The information collected via phishing may be used for a variety of purposes, including financial fraud, identity theft, illegal access to the victim’s accounts or accounts to which they have access, blackmailing the victim, and more.

How Does This New Method Work?

According to the researchers, a sophisticated new phishing approach lets adversaries circumvent multi-factor authentication (MFA) by covertly having victims log into their accounts directly on attacker-controlled servers through the VNC screen sharing system.

When MFA is in place, convincing users to submit their credentials on a phishing site is not enough: threat actors still need the one-time passcode issued to the victim in order to completely compromise the account.

To obtain access to a target’s MFA-protected accounts, attackers have upgraded their phishing kits to include tactics such as reverse proxies or other means of collecting MFA codes from unsuspecting victims.
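
Because the login described above takes place in a browser running on the attacker's server, the identity provider sees that server's address and device rather than the victim's, even though the password and MFA code are genuine. The following Python detection check is an added example, not part of the original article; the log field names, the sample records and the hosting ranges (RFC 5737 documentation addresses) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: networks the organisation treats as hosting/VPS space.
# RFC 5737 documentation ranges stand in for a real provider feed.
HOSTING_NETS = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed sign-in records (hypothetical field names), oldest first.
SIGNINS = [
    {"user": "alice", "ip": "192.0.2.10", "device": "dev-a1", "mfa": "passed"},
    {"user": "alice", "ip": "192.0.2.10", "device": "dev-a1", "mfa": "passed"},
    {"user": "bob", "ip": "192.0.2.44", "device": "dev-b1", "mfa": "passed"},
    {"user": "alice", "ip": "203.0.113.7", "device": "dev-x9", "mfa": "passed"},
    {"user": "bob", "ip": "192.0.2.45", "device": "dev-b1", "mfa": "passed"},
    {"user": "bob", "ip": "198.51.100.20", "device": "dev-b1", "mfa": "failed"},
]


def in_hosting_space(ip):
    """True if the address falls inside one of the hosting networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_NETS)


def flag_remote_browser_signins(records):
    """Return indexes of MFA-passed sign-ins that come from a device the
    user has never used before AND from hosting-provider address space."""
    seen_devices = defaultdict(set)
    flagged = []
    for i, rec in enumerate(records):
        if rec["mfa"] != "passed":
            continue  # only completed logins yield a usable session
        known = seen_devices[rec["user"]]
        new_device = rec["device"] not in known
        # A user's first recorded sign-in has no baseline, so it is not flagged.
        if known and new_device and in_hosting_space(rec["ip"]):
            flagged.append(i)  # do not add the device to the baseline
        else:
            known.add(rec["device"])
    return flagged


if __name__ == "__main__":
    for idx in flag_remote_browser_signins(SIGNINS):
        print("review sign-in:", SIGNINS[idx])
```

A passed MFA challenge is treated here as evidence that a session was created, not that the victim's own device created it, which is why the check keys on device and network origin instead.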



