Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.
This month, we answer readers’ questions about how to protect yourself from the new Tycoon 2FA phishing threat and how to use Adobe Acrobat to redact documents.
Q: How Can I Protect Myself from the New Tycoon 2FA Phishing Threat?
A: The use of two-factor identification (2FA), such as via an authenticator app on your mobile phone, can vastly increase your safety. Sadly, 2FA cannot make you 100 percent safe.
Tycoon 2FA: Phishing-as-a-Service
Malware developers are selling a phishing-as-a-service product known as Tycoon 2FA to a wide range of cybercriminals. It targets email accounts hosted by Google and Microsoft 365, using fake emails, spam, and phony Internet search results to deceive its targets.
The good news for criminals: Tycoon 2FA only costs them $120 to $340 for ten days of service.
The bad news for you: Tycoon 2FA can defeat two-factor identification.
How an Attack Progresses
An attack starts when you click on a link in an email or a web search that includes some deceptive explanation or warning, such as, “Your account has been hacked. You need to log in again now,” or “Due to a system update, you need to log into your account.” When you click the link, you are taken to a web page that looks exactly like your legitimate login page.
Once you enter your login and password, Tycoon 2FA passes those credentials to the real login site, which responds with a prompt for your 2FA number. That response is hijacked and passed back to you, presenting the same prompt for your 2FA number. You enter that, and they’ve got you!
(For more details on how Tycoon 2FA works, see Elizabeth Montalbano, “Tycoon” Malware Kit Bypasses Microsoft, Google MFA, Dark Reading (Mar. 27, 2024).)
Criminal Use of Your Email
Now, the cybercriminal can open your email account and use it to send out counterfeit emails from your real account, exploiting people in your contacts list. Or they can use your email account to attack your other online accounts.
Ironically, after stealing access to your email account, Tycoon 2FA sends you to your real, unlocked email account page so you don’t suspect that anything untoward has happened.
What You Can Do
- The most important advice is: “Be careful when clicking.” Hover the mouse pointer over a link to see where it would really take you. Don’t use some link in an email or on some official-looking web page if you are told to log in to your email account or some other account. Log in only using your own password manager or your own browser bookmarks.
- Use 2FA or MFA (multi-factor identification). Despite their vulnerability, they are still very important protections.
- Have a firewall in place on your modem/router that filters out known fake websites. This defense is far from perfect, but it is another layer of protection.
- Subscribe to a service with specific features to protect against phishing attacks. These services include:
  - Email protection services such as Proofpoint, Ironscales, or Avanan.
  - Remote browser isolation subscriptions such as Forcepoint RBI, Cisco Umbrella, or CrimeBlocker (offered by the author’s company).
(Note that some of these services target midsize and large companies, putting them out of reach for solos and small firms.)
Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com—we protect small firms from cyber threats with affordable, multiple layers of defense.
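The hover check from “What You Can Do,” automated as an added example (not part of the original column): it lists links in an HTML email that present themselves as a Google or Microsoft sign-in but point to some other host. The trusted-host list, the brand hints, and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this mailbox's owner actually uses (edit for your firm).
TRUSTED_LOGIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com"}
# Assumption: words that, in a link's text or host, suggest it claims to be a sign-in page.
BRAND_HINTS = ("google", "microsoft", "office", "outlook", "login", "sign in")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only record text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (visible text, real host) for links that claim a login but go elsewhere."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        claims_login = any(h in (text + " " + host).lower() for h in BRAND_HINTS)
        # Exact host match only: "login.microsoftonline.com.example.net" is not trusted.
        if claims_login and host not in TRUSTED_LOGIN_HOSTS:
            flagged.append((text, host))
    return flagged

# Constructed sample email body (not from a real message).
SAMPLE = """
<p>Due to a system update, you need to log into your account.</p>
<a href="https://login.microsoftonline.com.example.net/auth">https://login.microsoftonline.com</a>
<a href="https://accounts.google.com/signin">Google sign in</a>
<a href="https://www.example.org/newsletter">Read our newsletter</a>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

A link that passes this check can still be unsafe; the column's advice to log in only from your own bookmarks or password manager still applies.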