New Phishing Technique Bypasses Multi-Factor Authentication

Security researchers have discovered a new phishing technique that can bypass multi-factor authentication (MFA) by intercepting authentication tokens in real-time. The attack, dubbed "TokenSnatch," represents a significant evolution in phishing capabilities.

How TokenSnatch Works

The attack uses a reverse proxy to sit between the victim and the legitimate website:

Victim receives a phishing email with a malicious link
The link leads to a convincing replica of the login page
When the victim enters credentials, they're forwarded to the real site
The MFA prompt is displayed and the token is captured
Attacker gains access with the stolen session

Protecting Against TokenSnatch

Use hardware security keys (FIDO2/WebAuthn)
Implement phishing-resistant MFA
Train users to verify URLs carefully
Deploy browser-based phishing protection

How TokenSnatch Works

The attack uses a reverse proxy to sit between the victim and the legitimate website:

Victim receives a phishing email with a malicious link
The link leads to a convincing replica of the login page
When the victim enters credentials, they're forwarded to the real site
The MFA prompt is displayed and the token is captured
Attacker gains access with the stolen session

Protecting Against TokenSnatch

Use hardware security keys (FIDO2/WebAuthn)
Implement phishing-resistant MFA
Train users to verify URLs carefully
Deploy browser-based phishing protection

New Phishing Technique Bypasses Multi-Factor Authentication

How TokenSnatch Works

Protecting Against TokenSnatch

TAGS

SHARE_THIS_ARTICLE

Enjoyed this article?

New Phishing Technique Bypasses Multi-Factor Authentication

How TokenSnatch Works

Protecting Against TokenSnatch

TAGS

SHARE_THIS_ARTICLE

Enjoyed this article?