- In the third quarter of 2022, APWG observed 1,270,883 total phishing attacks, a new record and the worst quarter for phishing that APWG has ever observed.
- Attacks against the financial sector represented 23.2% of all phishing attacks.
As phishing attacks continue to rise year after year, and your employees are their main targets, this post shows how Okta uses phishing-resistant authenticators to detect, prevent and protect your end-users and organisation from phishing attempts.
Here’s a quick video demonstrating Okta’s phishing-resistant authenticators in action against Evilginx:
Okta FastPass provides strong resistance to credential phishing. The Loopback server and SSO extension methods described above are phishing resistant. The fallback methods, such as Universal Links (iOS), Custom URI (macOS) and App Links (Android), do not provide the same level of phishing protection; however, some of them can be used to launch Okta Verify and then authenticate the user over a phishing-resistant binding such as the Loopback server. Okta’s policy configuration page guides the admin in configuring app sign-on policies so that phishing resistance is enforced correctly.
The diagram below shows how Okta’s Loopback server binding prevents an adversary-in-the-middle (AitM) phishing attack that relays the sign-in page through a reverse proxy such as Evilginx.
When the sign-in page in the browser calls Okta Verify’s loopback server, the browser itself attaches the Origin header of the page that made the request, so a page served through a phishing proxy carries the phishing domain as its origin, and page script cannot overwrite it. Because Okta FastPass includes that origin in the signed response payload, Okta can detect the mismatch between the observed origin and the org’s real domain, reject the authentication request, and alert administrators and end-users.
Admins can use Okta Workflows to alert the end-user over a back channel such as Slack or email, or to take other actions such as blocking traffic to and from the phishing site.
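To make the origin-binding and alerting flow above concrete, here is an added example that models it end to end; it is illustrative code, not Okta’s or Okta Verify’s implementation. HMAC-SHA256 with a constructed device key stands in for the per-device asymmetric signature, the org and phishing origins are hypothetical, and the `fastpass.origin_mismatch` event name is invented as the kind of event a Workflow would route to Slack or email. Three scenarios are run: a legitimate login, an Evilginx-style relay where the browser reports the phishing origin to the loopback server, and a proxy that tries to rewrite the origin in transit (which breaks the signature).

```python
import hashlib
import hmac
import json
import secrets

# Constructed values for the example. Okta Verify really holds a per-device
# asymmetric key (ideally in a TPM / Secure Enclave); HMAC-SHA256 with a shared
# device key stands in for that signature so the script runs offline.
DEVICE_KEY = secrets.token_bytes(32)
DEVICE_ID = "device-0001"
# Hypothetical org origin; in practice this is the tenant's Okta domain.
ORG_ORIGIN = "https://acme.example.okta.com"
# Hypothetical Evilginx phishlet domain proxying the org's sign-in page.
PHISH_ORIGIN = "https://acme-login.example.net"


def canonical(payload: dict) -> bytes:
    """Stable serialisation so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_challenge(org_origin: str = ORG_ORIGIN) -> dict:
    """Okta side: a fresh nonce plus the origin the tenant is served from."""
    return {"nonce": secrets.token_hex(16), "expected_origin": org_origin}


def okta_verify_sign(nonce: str, origin_header: str) -> dict:
    """Client side, modelled on the loopback binding: the sign-in page POSTs
    the challenge to Okta Verify on 127.0.0.1, and the browser (not the page)
    attaches the Origin header of the requesting page. That header is copied
    into the signed payload, so it cannot be altered later without breaking
    the signature."""
    payload = {"nonce": nonce, "origin": origin_header, "device_id": DEVICE_ID}
    sig = hmac.new(DEVICE_KEY, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def okta_verify_response(challenge: dict, response: dict) -> dict:
    """Okta side: check signature, then nonce, then the bound origin. On an
    origin mismatch, reject and emit an event a Workflow could route to
    Slack/email (event name is hypothetical)."""
    payload = response["payload"]
    expected = hmac.new(DEVICE_KEY, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["sig"]):
        return {"result": "reject", "reason": "bad_signature", "alert": None}
    if payload["nonce"] != challenge["nonce"]:
        return {"result": "reject", "reason": "stale_or_replayed_nonce", "alert": None}
    if payload["origin"] != challenge["expected_origin"]:
        alert = {
            "event": "fastpass.origin_mismatch",
            "device_id": payload["device_id"],
            "expected_origin": challenge["expected_origin"],
            "observed_origin": payload["origin"],
        }
        return {"result": "reject", "reason": "origin_mismatch", "alert": alert}
    return {"result": "allow", "reason": None, "alert": None}


def legitimate_login() -> dict:
    """User on the real org page: browser origin equals the expected origin."""
    ch = issue_challenge()
    return okta_verify_response(ch, okta_verify_sign(ch["nonce"], ORG_ORIGIN))


def aitm_login() -> dict:
    """User on the Evilginx page: the proxy relays the nonce unchanged, but the
    browser reports the phishing domain as Origin to the loopback server."""
    ch = issue_challenge()
    return okta_verify_response(ch, okta_verify_sign(ch["nonce"], PHISH_ORIGIN))


def aitm_login_with_origin_rewrite() -> dict:
    """Proxy rewrites the origin to the real one before relaying the response
    to Okta; the signed payload no longer verifies."""
    ch = issue_challenge()
    resp = okta_verify_sign(ch["nonce"], PHISH_ORIGIN)
    resp["payload"]["origin"] = ORG_ORIGIN  # tampering in transit
    return okta_verify_response(ch, resp)


if __name__ == "__main__":
    for name, fn in [("legitimate", legitimate_login), ("aitm", aitm_login),
                     ("aitm+rewrite", aitm_login_with_origin_rewrite)]:
        print(name, fn())
```

The point of the third scenario is why the origin has to be inside the signed payload rather than carried as a separate header: a proxy that can rewrite unsigned fields could otherwise make the relayed response look like it came from the real origin. The `alert` dictionary is what an Okta Workflow would consume to notify the user or block the phishing domain.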
Combined with device assurance policies, Okta can also provide strong protection against other endpoint attacks, such as malware or ransomware. Okta’s partners, such as CrowdStrike and Windows Security Center, supply signals about the presence of malware on the device, which Okta uses to enforce stronger authentication policies.