Weekly Tip! Single Sign-On Smishing
Okta's single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren't the only people who benefit from this service. Cybercriminals are taking advantage of Okta and other SSO services in a recent smishing (SMS phishing) scam.
To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy. If you tap the link, you'll be taken to a fake Okta login page and prompted to enter your login credentials. Then, the cybercriminals can use your credentials to access your Okta account and other accounts linked through the service. Once they have access, the cybercriminals can steal sensitive information from you and your organization.
Follow the tips below to stay safe from similar scams:
- Always be cautious of unexpected text messages. While this scam targets Okta users, it could be used with any authentication service.
- Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
- Never tap on a link in a text message that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
The KnowBe4 Security Team
KnowBe4.com