
New Tycoon 2FA Phishing Kit Evades MFA

Published: April 22, 2024 on our newsletter Security Fraud News & Alerts Newsletter.



A new upgrade to a phishing kit is getting around MFA, and that's a big security concern. Multi-Factor Authentication (MFA) is a widely used tool many of us rely on to protect our logins. The phishing kit is called Tycoon 2FA, and it's currently being used to steal Microsoft 365 and Gmail email accounts. Tycoon 2FA is being sold on the dark web, but there is a defense, and it is something we should all know how to do.


Tycoon 2FA For Sale


Cybersecurity experts at Sekoia.io have been following Tycoon 2FA, and their report sheds light on this Phishing-as-a-Service (PaaS) kit. For just $120 to $320, aspiring and dedicated cybercriminals can rent this latest upgrade to Tycoon 2FA for ten days. According to Sekoia.io, this upgrade is growing like wildfire on the dark web. In just months, Tycoon 2FA has been used in thousands of phishing attacks across approximately 1,100 domains...and counting.


What attackers get for their money is a phishing kit that hosts bogus login pages designed to intercept a victim's MFA. Once an attacker bypasses MFA, they have total access to the victim's account. This allows an ATO (Account Takeover) that locks the victim out of their account and hijacks their data, such as payment information and other valuable PII. Where that stolen PII leads is up to the attacker, and identity theft and other crimes are always on the menu.



Avoiding Tycoon 2FA


As sneaky and prolific as Tycoon 2FA is, phishing smarts are the best weapon against becoming its next victim. Since this phishing kit is currently targeting Microsoft 365 and Gmail email accounts, not falling for email phishing in the first place is the best defense. Even though Tycoon 2FA is bypassing MFA, always keep MFA enabled whenever it is available.


Common sense still rules as the best approach to email phishing, along with using “think before you click” as a mantra. First, check the email sender: if you don’t recognize them, and/or the greeting is generic, that’s a big red flag. If the sender includes a website link or attachment, never open it.


Remember, one bad click can end in disaster. Always check for poor grammar, spelling, and bad graphics; all of these are sure signs the email sender isn’t legitimate.


Use your “Spidey-Sense” to check for email phishing. If there's any hint an email is questionable, trust your instincts and delete it.


Staying safe online is a challenge we all face, and phishing kits like Tycoon 2FA can test the best of us. The good news is that new tools to fight new challenges like Tycoon 2FA are being developed. Until they arrive, it’s up to you alone to take on these challenges!


Want to schedule a conversation? Please email us at advisor@nadicent.com
