Attackers use Single Sign-On in Phishing pages used to steal credentials

• Malicious pages have been reported to leverage Single Sign-On (SSO) to steal users’ credentials.
• This form of phishing attack has grown with the popularity and ease of SSO among widely used websites.

What is Single Sign-On?

Single Sign-On (SSO ) allows users to use a set of credentials to log into multiple applications.

• It does not require the user to remember multiple sets of credentials for different accounts.
• Eliminating password prompts for each application during a session improves user experience.
• SSO is often accomplished by authenticating the user against a repository such as Lightweight Directory Access Protocol (LDAP).
• Google, Facebook, and Twitter are among the popular applications that offer SSO to users.
• SSO can also be extended to third-party services. For example, many applications allow users to access their account using Google’s or Facebook’s authentication.

How is SSO abused?

The availability of SSO is steadily increasing across applications, which has lead to many hackers attempting to misuse it.

• Malicious pages have been reported to pretend to be the sign-in pages of applications such as Dropbox.
• When users enter their credentials, the data is harvested instead of logging them into the intended application.
• Before the popularity of SSO, hackers would create a separate page for each service to steal credentials. But now, they’re able to create a single phishing page.

What can you do to be safe?

Probably the best way to protect yourself from SSO phishing attacks is to enable two-factor authentication.

This is because having a secondary authentication makes it difficult for hackers to access your account. It is also recommended not to use SMS as the secondary authentication, because it is not as secure as other methods.