GPSolo eReport April 2024

Ask Techie: How Can I Protect Myself from the Tycoon 2FA Phishing Threat?

Ashley Hallene and Wells Howard Anderson

Summary

  • This month’s tech Q&A column answers readers’ questions about how to protect yourself from the new Tycoon 2FA phishing threat and how to use Adobe Acrobat to redact documents.
  • Using two-factor identification (2FA) can vastly increase your safety. Sadly, 2FA cannot make you 100 percent safe.
  • Adobe Acrobat is a powerful tool, but it still must be managed with diligence.

Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.

This month, we answer readers’ questions about how to protect yourself from the new Tycoon 2FA phishing threat and how to use Adobe Acrobat to redact documents.

Q: How Can I Protect Myself from the New Tycoon 2FA Phishing Threat?

A: The use of two-factor identification (2FA), such as via an authenticator app on your mobile phone, can vastly increase your safety. Sadly, 2FA cannot make you 100 percent safe.

Tycoon 2FA: Phishing-as-a-Service

Malware developers are selling a phishing-as-a-service product known as Tycoon 2FA to a wide range of cybercriminals. It targets email accounts hosted by Google and Microsoft 365, using fake emails, spam, and phony Internet search results to deceive its targets.

The good news for criminals: Tycoon 2FA only costs them $120 to $340 for ten days of service.

The bad news for you: Tycoon 2FA can defeat two-factor identification.

How an Attack Progresses

An attack starts when you click on a link in an email or a web search that includes some deceptive explanation or warning, such as, “Your account has been hacked. You need to log in again now,” or “Due to a system update, you need to log into your account.” When you click the link, you are taken to a web page that looks exactly like your legitimate login page.

Once you enter your login and password, Tycoon 2FA passes those credentials to the real login site, which responds with a prompt for your 2FA number. That response is hijacked and passed back to you, presenting the same prompt for your 2FA number. You enter that, and they’ve got you!

(For more details on how Tycoon 2FA works, see Elizabeth Montalbano, “Tycoon” Malware Kit Bypasses Microsoft, Google MFA, Dark Reading (Mar. 27, 2024).)

Criminal Use of Your Email

Now, the cybercriminal can open your email account and use it to send out counterfeit emails from your real account, exploiting people in your contacts list. Or they can use your email account to attack your other online accounts.

Ironically, after stealing access to your email account, Tycoon 2FA sends you to your real, unlocked email account page so you don’t suspect that anything untoward has happened.

What You Can Do

  1. The most important advice is: “Be careful when clicking.” Hover the mouse pointer over a link to see where it would really take you. If an email or an official-looking web page tells you to log in to your email account or some other account, don’t use the link it provides. Log in only using your own password manager or your own browser bookmarks.
  2. Use 2FA or MFA (multi-factor identification). Despite their vulnerability, they are still very important protections.
  3. Have a firewall in place on your modem/router that filters out known fake websites. This defense is far from perfect, but it is another layer of protection.
  4. Subscribe to a service with specific features to protect against phishing attacks. These services include:
    1. Email protection services such as Proofpoint, Ironscales, or Avanan.
    2. Remote browser isolation subscriptions such as Forcepoint RBI, Cisco Umbrella, or CrimeBlocker (offered by the author’s company).

(Note that some of these services target midsize and large companies, putting them out of reach for solos and small firms.)

Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com—we protect small firms from cyber threats with affordable, multiple layers of defense.
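
The hover check from step 1, written out as an added example that is not part of the original column: it reads the host a link really points to and compares it with the sign-in hosts you expect. The helper name, the brand-word list, and the sample links are constructed for illustration; the two trusted hosts are the Google and Microsoft 365 sign-in hosts.

```javascript
// Sign-in hosts you actually use (assumption: Google and Microsoft 365 accounts).
const TRUSTED_LOGIN_HOSTS = new Set([
  "accounts.google.com",
  "login.microsoftonline.com",
]);
// Brand words a lookalike host tends to embed (constructed list).
const BRAND_WORDS = ["google", "microsoft", "office365", "outlook"];

// Hypothetical helper: says where a link really leads and whether to sign in there.
function checkLoginLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { verdict: "reject", reason: "not a complete web address" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: `scheme is ${url.protocol}, not https:` };
  }
  // url.hostname is the host the browser connects to: lower-cased, without any
  // "name@" prefix, and with non-ASCII labels converted to punycode (xn--).
  const host = url.hostname;
  if (url.username || url.password) {
    return { verdict: "reject", reason: `text before "@" is a decoy; real host is ${host}` };
  }
  if (TRUSTED_LOGIN_HOSTS.has(host)) {
    return { verdict: "trusted", reason: `exact match for ${host}` };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: `lookalike characters in ${host}` };
  }
  if (BRAND_WORDS.some((word) => host.includes(word))) {
    return { verdict: "reject", reason: `${host} names a brand but is not its sign-in host` };
  }
  return { verdict: "unknown", reason: `${host} is not one of your sign-in hosts` };
}

// Constructed sample links; example.net and example.org are reserved test domains.
const SAMPLE_LINKS = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://login.microsoftonline.com.example.net/common/login",
  "https://accounts.google.com@example.org/signin",
  "https://accounts.g\u043e\u043egle.com/signin", // Cyrillic letter o replaces Latin o
  "http://accounts.google.com/signin",
];
for (const link of SAMPLE_LINKS) {
  const { verdict, reason } = checkLoginLink(link);
  console.log(`${verdict.padEnd(8)} ${reason}`);
}
```

Only the first sample is an exact match. The others show why the beginning of a link is not enough to judge it: the real host is whatever comes last before the first single slash, after any “@”.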

Q: How Do I Use Adobe Acrobat to Redact Documents?

Adobe Acrobat is a helpful tool for removing sensitive text and images from documents. To start, open the document that you wish to redact. On the side of the screen, you will see a list of tools; select the “Redact a PDF” tool. (You also can search for the Redact a PDF tool in the Tools search box if its icon is not among those shown.) This brings up a short menu with the following actions:

  1. Redact Text & Images. This permanently deletes sensitive content. To use it, first select text and/or images in the file. Once you are done selecting items to redact, then select the “Apply” button to permanently remove them.
  2. Redact Pages. This allows you to permanently delete the current page or a designated range of pages.
  3. Find Text & Redact. With this tool, in the Search dialog box, you can search for specific words (e.g., names) or common patterns of sensitive information (such as credit card or Social Security numbers). You can then consistently mark them for redaction. Note: Documents can contain images and line art that appear as text but are not searchable. These items will not be found by the Find Text & Redact feature. You will need to review your document carefully to ensure that all sensitive information is properly marked for redaction.
  4. Properties. This lets you designate the properties for your redaction tool, such as the fill color (which should be black), whether to use overlay text, etc.
  5. Sanitize Document. With this tool, you can remove all hidden data and metadata from your document so that sensitive information is not passed along when you publish the PDF. You can choose between removing all hidden data or selectively removing hidden data.

Adobe Acrobat is a powerful tool, but it still must be managed with diligence. Use these features for faster redacting, but always review the final document yourself before sharing.

Techie: Ashley Hallene, JD, GPSolo eReport Editor-in-Chief.

What’s YOUR question?

If you have a technology question, please forward it to Managing Editor Rob Salkin at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Ashley Hallene, Al Harrison, and Matthew Murrell. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.

Please send in your questions today!
