Recently, a new phishing toolkit has been discovered that targets Microsoft 365 and Gmail accounts. This toolkit, known as Tycoon 2FA, is capable of hijacking even carefully protected accounts, despite the use of two-factor authentication (2FA) security methods.
The Tycoon 2FA toolkit operates as a famous Phishing-as-a-Service (PhaaS) platform on private Telegram channels. It uses the “Adversary-in-the-Middle” Phishing toolkit to deceive users.
Here’s how the phishing attack works: the attacker will send an email containing a QR code or link to a fake website to the user. When the victim interacts with the link or QR code, the website will trigger a Cloudflare security check. After passing the test, the victim will be directed to a fake Microsoft page asking to enter login information. After stealing the username and password, Tycoon 2FA will display a fake 2FA page, asking to verify the user’s identity.
The criminals’ trick is to intercept and hold 2FA tokens to bypass security measures. The cookie for this login will be stolen and can be reused at any time, completely bypassing the account’s 2FA protection layer. The same applies to Gmail accounts or any other targeted accounts.
To protect yourself from phishing attacks, you should follow these tips:
- Be careful with unfamiliar emails: Do not click on any links or QR codes in emails from unknown senders.
- Double-check the website address: Make sure the website address matches the official Microsoft website or Gmail before entering your login information.
- Use strong passwords: Use a different password for each account and change it regularly.
- Enable two-factor authentication (2FA): 2FA is an additional layer of security that helps protect accounts even if an attacker gets their hands on the password.
- Keep your device’s antivirus and security software up to date.
