Failed Phishing attempt on Beyond Identity

Exploit Type: Attempted AitM
Login Factors: Beyond Identity Phish-Resistant MFA

What happened?

First Login Attempt

The first login attempt was a legitimate authentication using Beyond Identity phish-resistant MFA . The authentication uses the device-bound cryptographic key to complete authentication challenge, and the user successfully logs in.

Second Login Attempt

An adversary sets up a phishing proxy server that looks and behaves exactly like the SSO login page. This proxy will capture all information coming in and out of the server.

A victim is phished into visiting the malicious site and begins the authentication process using Beyond Identity as the identity provider. The authentication fails, as our phish-resistant MFA detects that the origin of the authentication attempt is not from a legitimate domain, and blocks further access.

Why is this NOT an exploit?

During authentication with Beyond Identity, the origin of the authentication request is inspected. If the origin is determined to be malicious, the authentication is blocked. Even if a user falls victim to phishing, our phish-resistant authentication prevents unsafe access. This is called verifier impersonation resistance.

The user is notified and blocked from login, and the rejected login can be notified to the proper system or security administrator.

Experience MFA done right

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.