A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered.
The phishing campaign
By pretending to be customer support and combining email, text messages and phone calls, attackers are social engineering victims into clicking a link they provide.
The victims are then prompted to solve a captcha using hCaptcha – a tactic that prevents the phishing site from being identified and adds to its credibility – and are presented with a spoofed Okta SSO page.