
Beware of Latest Phishing Threats: Authenticators and Open Source Kits Vulnerable
Criminals are using software that sells for as little as $300 to deploy phishing campaigns that can bypass some forms of multi-factor authentication (MFA), including those that use time-based one-time passwords (TOTPs). The software, which is responsible for more than 1 million malicious emails each day, uses a technique known as adversary-in-the-middle (AitM) to place a phishing site between the targeted user and the site they are trying to log in to. The most effective barrier to account takeovers is MFA based on the industry standard known as FIDO2.
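
The difference between the two MFA types described above, seen from the server side, as an added example that is not part of the original article: an RFC 6238 TOTP check has no notion of which site the code was typed into, while the WebAuthn origin and RP ID checks used with FIDO2 reject an assertion produced on any other origin. The host names, `check_webauthn_binding` and `sample_assertion` are assumptions for illustration, and verification of the authenticator's signature over the assertion is assumed to happen separately.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "login.example.com"                    # assumed relying-party ID (constructed)
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate origin (constructed)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: float) -> bool:
    # Nothing in this check identifies the site where the user entered the code,
    # so a code forwarded by an intermediary verifies exactly like a direct one.
    return hmac.compare_digest(totp(secret, at), submitted)

def check_webauthn_binding(client_data_json: bytes, authenticator_data: bytes,
                           expected_challenge: bytes) -> tuple[bool, str]:
    """Binding checks a relying party applies to a WebAuthn assertion.
    Signature verification over authenticatorData || SHA-256(clientDataJSON) is not shown."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    b64 = cd.get("challenge", "")
    challenge = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if not hmac.compare_digest(challenge, expected_challenge):
        return False, "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:    # origin is filled in by the browser
        return False, "origin mismatch"
    if not hmac.compare_digest(authenticator_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return False, "rpIdHash mismatch"      # first 32 bytes: SHA-256 of the RP ID
    if not authenticator_data[32] & 0x01:      # flags byte, bit 0: user present
        return False, "user not present"
    return True, "ok"

def sample_assertion(origin: str, rp_id: str, challenge: bytes) -> tuple[bytes, bytes]:
    """Constructed sample of what a browser and authenticator report for a page at `origin`."""
    b64 = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    cd = json.dumps({"type": "webauthn.get", "origin": origin, "challenge": b64}).encode()
    ad = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + struct.pack(">I", 7)
    return cd, ad
```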