Even if hackers can get a user’s login credentials through a phishing scam, often multi-factor authentication (MTA) means that the account remains protected by a one-time passcode. However, a phishing attack framework using reverse proxies can bypass MTA. A feature added to Google in 2019 prevents login from reverse proxies. A new method forgoes the need for reverse proxies by prompting users to connect to a VNC server within a browser by clicking a link which shows email login prompts running on the hacker’s server but showing in the user’s browser like normal.
To protect yourself from these types of phishing attacks remember to never click URLs from unknown senders or suspicious messages! Schedule a Cyber Health Checkup today and let’s discuss your organizations security posture.
