- Okta warns GenAI tool v0.dev is being used to build phishing sites
- The malicious sites are hosted on Vercel’s infrastructure to appear more legitimate
- AI tools also generally cite false URLs, which puts unsuspecting users at risk of attack
New Okta research has revealed how threat actors use Vercel's v0.dev to build realistic phishing sites that imitate legitimate login pages. The researchers managed to reproduce the alleged technique to prove its feasibility.
v0.dev allows users to create web interfaces from simple natural language prompts, which the researchers say is worrying because the technology has lowered the technical barrier for phishing attacks and other types of cybercrime.
Although Vercel and Okta worked together to restrict access to known sites, many argue that there is very little that can be done to prevent such attacks now that AI tools have become so widespread.
GenAI is now creating phishing sites
Okta noted that the phishing sites were observed using company logos and other assets to reduce detection by unsuspecting victims, and that hosting on Vercel's infrastructure makes the sites seem more legitimate. Fake Microsoft 365 and crypto sites were among the most popular.
The open-source availability of v0.dev clones and guides on GitHub has also widened access to these capabilities for less experienced developers and attackers.
Okta recommends that all users set up multi-factor authentication on supported accounts, binding authenticators to origin domains with tools like Okta FastPass to ensure that fake sites cannot obtain your credentials.
“Organizations can no longer rely on teaching users how to identify suspect phishing sites based on imitation of legitimate services,” noted Okta researchers.
Companies should also update their cybersecurity training programs to address the risks of AI-generated phishing attacks and social engineering.
The news comes shortly after another report revealed that about a third of GenAI chatbot responses containing login URLs were false, with attackers registering the fake domains cited by tools like ChatGPT to set up their own phishing campaigns.