Phishers built fake Okta and Microsoft 365 login sites with AI – here’s how to protect yourself

As AI evolves to successfully take on business, personal, and even medical use cases, its capabilities also increasingly make it a security threat.

On Tuesday, researchers at identity validator Okta published a report that found hackers are using v0, an AI website creation tool from Vercel, to create “phishing sites that impersonate legitimate sign-in webpages” using text prompts. Hackers replicated Okta’s own login page and other sites, including Microsoft 365, several cryptocurrency companies, and an Okta customer.

Also: Cloudflare just changed the internet, and it’s bad news for the AI giants

Okta noted that hackers stored the resources for their phishing pages, including replicated company logos, on Vercel’s infrastructure to make their sites look more legitimate. “This is an attempt to evade detection based on resources extracted from CDN logs or hosted on disparate or known-malicious infrastructure,” according to the report.

The researchers, who were able to reproduce the findings in a video demo, called this “a new evolution in the weaponization of gen AI.” The Okta report noted how AI tools make it easy for hackers to scale their operations to previously unseen heights. Brett Winterford, vice president of Okta Threat Intelligence, told Axios that it was the first time Okta had witnessed threat actors using AI to build phishing infrastructure instead of the phishing content alone, like email text. 

While Vercel’s v0 is proprietary, there are countless public clones of the application on GitHub — a drawback of the open-source repository. “This open-source proliferation effectively democratizes advanced phishing capabilities, providing the tools for adversaries to create their own phishing infrastructure.

Also: How to protect yourself from phishing attacks in Chrome and Firefox

In response to the report, Vercel restricted access to the fabricated sites and is collaborating with Okta for future reporting. The report noted that Okta hasn’t seen evidence that the hackers’ attempts to pull credentials were successful yet. 

How to protect your business 

For Okta, the findings change the landscape of security training and the reality that AI makes threats much more difficult to keep up with. “Organizations can no longer rely on teaching users how to identify suspicious phishing sites based on imperfect imitation of legitimate services,” the report noted. “The only reliable defence is to cryptographically bind a user’s authenticator to the legitimate site they enrolled in.”

Also: Navigating AI-powered cyber threats: 4 expert security tips for businesses

Of course, that’s what powers Okta’s own product, FastPass. Beyond becoming a customer, Okta recommends that businesses train employees specifically for AI-generated attacks and that admins limit user accounts to only trusted devices. It also called out its Network Zones and Behavior Detection tools as ways to enforce step-up authentication, a system that goes beyond two-factor authentication. 

As AI cybersecurity threats continue to proliferate, security experts also recommend operating with a zero-trust architecture, regulating employee use of AI tools, and consulting external experts who can stay ahead of the curve in a way in-house teams may not have the resources to do themselves. 

It’s also a good time to consider implementing passkeys if you haven’t already. Okta uses them as part of its FastPass tool; the benefit of a passkey is that even if a bad actor manages to get into a website, your account will remain locked because they can’t access the key on your device. 

Also: 10 passkey survival tips: Prepare for your passwordless future now

If you’re worried you’ve clicked on a phishing link, take these steps to protect your accounts.