MFA - Something Else to Consider

Trevor Chandler

Well-known member
Jul 4, 2020
379
340
19,516
Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:
  • These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
  • Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
  • Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!
 
  • Like
Reactions: precious
Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:
  • These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
  • Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
  • Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!
Apparently, all you need to do to get around your MFA is $200! 😅 These latest phishing kits are quite good at intercepting tokens and stealing session cookies. Do you have any technical "how?" it works
 
  • Like
Reactions: Trevor Chandler
Apparently, all you need to do to get around your MFA is $200! 😅 These latest phishing kits are quite good at intercepting tokens and stealing session cookies. Do you have any technical "how?" it works
I'm sorry to disappoint you, but I don't have any technical info on how phishing kits work. If I did, I would probably charge for it - $500 :)
 
  • Haha
Reactions: precious
I'm sorry to disappoint you, but I don't have any technical info on how phishing kits work. If I did, I would probably charge for it - $500 :)
I adore the spirit of entrepreneurship! 😆 I suppose the standard price for the inside scoop on phishing kits is $500! Should you ever decide to offer 'Phishing Kits 101' lessons, I will definitely sign up! 😎
 
  • Love
Reactions: Trevor Chandler
I adore the spirit of entrepreneurship! 😆 I suppose the standard price for the inside scoop on phishing kits is $500! Should you ever decide to offer 'Phishing Kits 101' lessons, I will definitely sign up! 😎
It's such a wonderful feeling to know that I already have one customer, and I haven't even officially launched the business!!!

By the way, the $500 amount is not for the phishing kit - it's for an inside peek at how things work!!!
I'm not involved in peddling those $200 phishing kits. That's the underworld, which I'm not a part of :)
 
  • Haha
Reactions: precious
It's such a wonderful feeling to know that I already have one customer, and I haven't even officially launched the business!!!

By the way, the $500 amount is not for the phishing kit - it's for an inside peek at how things work!!!
I'm not involved in peddling those $200 phishing kits. That's the underworld, which I'm not a part of :)
Hahaha! I'm happy to be your first client! 😎 I'm all for the 'Phishing Kits 101' course, so don't worry about the shady side of things. I'll be right there when you launch, so keep it real! 😄
 
  • Love
Reactions: Trevor Chandler
Microsoft has been really hard on passwords and SMS for MFA. And rightfully so, since it doesn't take much to bypass these things. What gets me is that people still can't figure out how to make Microsoft Authenticator work. I have to reset this so often in our Entra tenant for students.
Oh, I think they can figure out how to make it work. I'm of the belief that they're just not motivated enough to invest the little that it takes to understand it!!! And besides, why would I bother to learn how to use something if I know I've got a lifeline waiting to rescue me!!!
 
  • Like
Reactions: precious
Microsoft has been really hard on passwords and SMS for MFA. And rightfully so, since it doesn't take much to bypass these things. What gets me is that people still can't figure out how to make Microsoft Authenticator work. I have to reset this so often in our Entra tenant for students.
It’s crazy how resistant some people are to Microsoft Authenticator, especially when it’s way more secure than passwords and SMS
 
Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:
  • These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
  • Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
  • Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!
It provided assurance