Single Sign in Service Scam

Okta Single Sign in Service lets users sign into multiple accounts but using one login credential. This service sounds like an awesome service to use where you only have to remember one login. Unfortunately, it’s also an awesome service for cybercriminals to use for smishing scams.

In the latest scam, cybercriminals send a text with an important update from a company you recognize. In the text it asks you to tap on the link to review the policy update. When you tap the link it takes you to an Okta sign in page. If you sign in with your login credentials you are giving them straight to the cybercriminals. Since Okta is a sign in service that allows you to access multiple accounts the cybercriminals are able to access all accounts that are connected to the one set of credentials. Once they have access, they can steal payment information and other sensitive information.

Tips:

• Always think before you click! Never click on a link or download an attachment from an unexpected email, text or post.
• If you get an unexpected text that looks to appear to come from a company you know, go to the company’s website through your internet browser instead of clicking the link.
• Be cautious and always aware. Cybercriminals like to trick you into doing an action.

Learn more tips like this and train your employees with our Security Awareness Training Program.

‍