- OKTA warns the Genai V0.DEV tool is being exploited to build phishing sites
- Malicious sites are being housed in Vercel infrastructure to look more legitimate
- IA tools also commonly cite the false URLs, putting off users at risk of attacks
The new research of OKTA has revealed how the threat actors are using the V0.DEV of Vercel to build realistic phishing sites that imitate the legitimate login pages, with successful researchers reproducing the alleged technique to demonstrate their viability.
V0.DEV allows users to create web interfaces based on simple indications of natural language, which researchers say it is worrying because it has been shown that technology reduces the technical barrier for phishing attacks and other types of cyber crimes.
Although Vercel and Okta have worked together to restrict access to known sites, many argue that very little can be done to avoid such attacks now the AI tools have been generalized.
Genai is now creating phishing sites
OKTA discovered that false phishing sites are the company’s logos and other assets to reduce the detection of unsuspecting victims, with the sites hosted in the Vercel infrastructure to seem more legitimate. Microsoft 365 and false cryptographic sites were among the most popular.
The availability of open source of clones and V0.DEV guides in Github has also expanded access to these capacities for less experienced developers and attackers.
OKTA recommends that all users configure multifactive authentication in compatible accounts, authenticating binding on original domains through tools such as OKTA Fastpass to ensure that false sites do not have access to their credentials.
“Organizations can no longer rely on teaching users how to identify suspicious phishing sites based on the imperfect imitation of legitimate services,” OKTA researchers said.
Companies must also update their cybersecurity training programs to address the risks of Phishing and Social Engineering attacks generated by AI.
The news occurs shortly after another report revealed about a third of Genai Chatbot responses containing login URLs were false, with attackers who record false domains that are cited by tools such as Chatgpt to establish their own Phishing campaigns.
