Okta Social Engineering Impersonation Report - Response and Recommendation
Summary
Okta has identified an increase in phishing and social engineering attempts claiming to be from Okta Support. This report describes what you can expect when receiving technical assistance from Okta Support or other contact from Okta. If you receive suspicious contact claiming to be from Okta, please promptly inform Okta Security at security@okta.com.
What can you expect?
When a support case is open, Okta Support may contact you by phone or email. An Okta Support call will begin with a validation process that confirms the authorized representative by both phone and email. Okta Support will never ask for your password or for an MFA token.
In the case of a significant security-related concern, Okta customers will receive a rapid communication alert. Rapid alerts are sent only to your organization's security & privacy contact(s) and primary IT contact(s), using the details in their respective profiles, so that information must be kept up to date for the alerts to reach you.
Okta may contact you from the following verified channels:
1. Email
Okta Support emails will be sent from support@okta.com or support@auth0.com, and other Okta emails will be sent from noreply@securityalerts.okta.com or noreply@okta.com.
2. SMS
Text alerts are sent from SMS numbers or short codes that may vary by country. In the US, they are from 893-61.
3. Phone
Okta and Okta Support may contact you by phone, from numbers that vary by region. Note that incoming calls can be spoofed by threat actors who deliberately falsify the displayed caller ID to disguise their identity. Caller ID alone does not validate a caller as authentic.
What can you do?
Social engineering scams prey on urgency and emotional reaction. When receiving suspicious, unsolicited contact, be vigilant of the following common indicators of social engineering:
Suspicious email address
A social engineering sender will often imitate the address of a legitimate business or organization; however, some characters may vary, be omitted, or be misspelled.
Urgency and emotional response
Urgency and manipulation of your emotional response are recognizable signs of an attempt. Social engineering attackers may present a time-sensitive situation and/or a narrative designed to provoke an emotional response, with the goal of coercing an impulsive decision.
Spelling, grammar and layout
One of the most obvious indicators is a message with poor sentence structure, improper grammar and incorrect spelling. In some cases the layout and formatting of the message are irregular. Note that with the emergence of AI tools, spelling and grammar errors are not always obvious, or even present.
Suspicious links or attachments
Unsolicited email or SMS messages including attachments or links should be verified prior to opening, especially if the messaging involves a sense of urgency.
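Added example (not from Okta's report): a Python check that classifies the From: header of a message against the sender addresses listed under "Email" above, and flags the "Suspicious email address" indicator (a domain that imitates okta.com with characters varied, omitted, or appended) as well as an "Okta" display name placed on a non-Okta address. The similarity threshold, function names and the constructed sample headers are this example's own assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Sender addresses the report lists as verified Okta / Okta Support senders.
VERIFIED_SENDERS = {
    "support@okta.com", "support@auth0.com",
    "noreply@securityalerts.okta.com", "noreply@okta.com",
}
LEGIT_DOMAINS = ["okta.com", "auth0.com", "securityalerts.okta.com"]
LOOKALIKE_RATIO = 0.8  # assumed threshold: 0kta.com / okta.co vs okta.com score above it

def classify_sender(from_header):
    """Return 'verified', 'lookalike', 'display-name-spoof' or 'unknown'
    for a raw From: header value such as '"Okta Support" <support@okta.com>'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "unknown"
    if addr in VERIFIED_SENDERS:
        return "verified"
    domain = addr.split("@", 1)[1]
    # Registrable part, e.g. "example.net" from "okta.com.example.net"
    base = ".".join(domain.split(".")[-2:])
    for legit in LEGIT_DOMAINS:
        if domain == legit:
            continue
        # Characters varied or omitted: 0kta.com, okta.co
        close = SequenceMatcher(None, domain, legit).ratio() >= LOOKALIKE_RATIO
        # Legitimate name embedded in a domain someone else controls: okta.com.example.net
        embedded = legit in domain and base not in LEGIT_DOMAINS
        if close or embedded:
            return "lookalike"
    # "Okta Support" shown as the display name, but the address is not an Okta domain
    if "okta" in name.lower() and base not in LEGIT_DOMAINS:
        return "display-name-spoof"
    return "unknown"

# Constructed sample headers (not real messages) to exercise each outcome.
SAMPLES = {
    '"Okta Support" <support@okta.com>': "verified",
    "support@auth0.com": "verified",
    "Okta Support <support@0kta.com>": "lookalike",
    "Okta Support <support@okta.co>": "lookalike",
    "Okta Support <noreply@okta.com.example.net>": "lookalike",
    '"Okta Support" <helpdesk@example.org>': "display-name-spoof",
    "it-admin@mail.okta.com": "unknown",  # Okta subdomain, but not a listed sender
}

def run_samples():
    """Classify every constructed sample; returns {header: verdict}."""
    return {h: classify_sender(h) for h in SAMPLES}
```

A result of "unknown" is not a pass: it only means the address is neither a listed sender nor an obvious imitation, so the message should still be verified through a support ticket rather than trusted.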
For more information on how to protect yourself, your workforce, your business and your customers, read up on Okta’s Ultimate Guide to Phishing Prevention.
How to report Okta Impersonation Attempts?
If you come across a suspected impersonation attempt of Okta or Okta Support as a customer, please promptly raise a customer support ticket or inform Okta Security by email at security@okta.com.