Okta has warned organizations of an increase in what it has described as “phishing social engineering attempts” that impersonate its support team.
Okta customers and the company itself are regularly targeted by bad actors due to the widespread use of its identity solutions by major enterprises. Obtaining Okta credentials can enable attackers to gain access to a targeted organization’s systems.
In a post published on its security page last week, Okta warned customers to be on the lookout for support-themed phishing attacks, and provided information that can help organizations identify these threats. Targeted users are advised to report such attacks to Okta’s security team.
According to Okta, customers who open support cases can be contacted by phone or email, and while they need to validate their identity, they will never be asked to provide their password or a multi-factor authentication (MFA) token.
Okta has shared a list of legitimate email addresses and phone numbers from which customers may be contacted by legitimate support staff.
The company has pointed to several indicators of social engineering, including suspicious email addresses, the apparent urgency of a call or email, incorrect spelling and layout in the message, and suspicious links or attachments.
Phishing tactics have evolved over the past years, particularly as a result of the widespread availability of AI services such as ChatGPT, which make it easier for cybercriminals to write convincing messages, eliminating traditional phishing indicators such as bad grammar.
Okta last year suffered a significant data breach in which hackers stole information pertaining to all customer support system users.
Advertisement. Scroll to continue reading.
In the prior year, a threat group named 0ktapus targeted over 100 organizations, mainly targeting their Okta credentials.
Okta this year also issued warnings over credential stuffing attacks targeting cross-origin authentication, and attacks leveraging Tor and residential proxies.