Okta warns against attacks targeting IT service desk agents

Emre Çitak
Sep 6, 2023

Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks targeting IT service desk agents at U.S.-based customers.

The attackers aim to trick agents into resetting multi-factor authentication (MFA) for high-privileged users, which would give them full administrative access to the victim's Okta account.


Attack methodology

The attacks typically begin with an email from a compromised account, such as an executive or other high-profile individual, requesting the IT service desk agent to reset the MFA for security or troubleshooting purposes.

If the agent falls for the ruse, they will be directed to a fake Okta website that looks authentic, and then prompted to enter their credentials.

Once the attackers obtain the agent's credentials, they can log into the victim's Okta account, disable MFA, and gain full administrative access.


How do you protect yourself?

To protect yourself from these attacks, it's essential to be vigilant and skeptical of unsolicited requests. Never enter your credentials on a website you don't trust, and always verify the URL matches the real Okta website.
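The URL check above can be automated for links that arrive in service desk tickets or email. The following is an added example, not code from this article or from Okta; the tenant name `example.okta.com`, the function name `reject_reason` and the sample links are placeholders constructed for illustration. It matches the exact sign-in host rather than any `okta.com` address, since a look-alike can also be hosted under a shared parent domain.

```python
from urllib.parse import urlsplit

# Assumption: the organization's single legitimate sign-in host (placeholder).
ALLOWED_HOSTS = {"example.okta.com"}

def reject_reason(url):
    """Return None if url points at an allowed sign-in host, else the reason."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port  # .port raises on junk ports
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None or parts.password is not None:
        # In https://trusted@other/ the real host is the part after '@'.
        return "userinfo before '@' hides the real host"
    if not host:
        return "no host"
    if port not in (None, 443):
        return "unexpected port"
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    if not host.isascii() or "xn--" in host:
        return "non-ASCII or punycode host (possible homoglyph)"
    if host not in ALLOWED_HOSTS:
        # Exact match: suffix or substring tests pass look-alike hosts.
        return f"host {host!r} is not an allowed sign-in host"
    return None

# Constructed sample links; hosts ending in .example are reserved test names.
SAMPLES = [
    "https://example.okta.com/login/default",
    "https://example.okta.com.signin.example/",
    "https://example.okta.com@signin.example/",
    "https://other-tenant.okta.com/",
    "http://example.okta.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{reject_reason(link) or 'ok':55} {link}")
```
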

Keep your MFA software up to date, and train your IT service desk agents to spot and report phishing attacks. Additionally, use strong passwords, enable MFA for all accounts, keep your software up to date, and exercise caution when sharing personal information online.

Be wary of unsolicited emails or phone calls, and report any suspicious activity immediately.
By following these tips, you can help protect yourself from attackers targeting Okta accounts and from other cyber threats.

Remember, even the most secure IAM systems can be vulnerable to social engineering attacks. Stay informed and take proactive measures to safeguard your accounts and personal information.

