Single Sign-On Smishing
Single sign-on (SSO) service allows users to log in to multiple accounts by using one set of login credentials. Unfortunately, users aren’t the only people who benefit from this service. Cybercriminals are taking advantage of SSO services in a recent smishing (SMS phishing) scam.
To start this scam, cybercriminals send you a text message about an important update to one of your organization’s policies. The text message says to tap a link to read the updated policy.
If you tap the link, you’ll be taken to a fake login page and prompted to enter your login credentials. Then, cybercriminals can use your credentials to access your SSO account and other accounts linked through the service.
Once they have access, cybercriminals can steal sensitive information from you and your organization.
Follow the tips below to stay safe from similar scams:
- Always be cautious of unexpected text messages.
- Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
- Never tap on a link in a text message you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
Need some security advice or help?
IT cybersecurity partners, like Blue Fox Group, help businesses & IT leaders:
- Review of your security posture and gaps
- Review any regulatory compliance activity and requirements
- Determine how to store and safeguard large amounts of sensitive data through Detection & Response and Encrypted backup services.
- Build a Remote Employee Security Checklist
- Implement Multi-factor Authentication & Phishing Security 3.0