Hi everyone! There is a new guide to push phishing defense and best practices you may find useful. The info in this guide will help you educate end-users and make changes to your Duo configuration that will strengthen your defenses against attacks targeting MFA.
Push phishing can occur when a bad actor steals a user’s primary credentials (like a username and password), uses them to log into an environment, and hopes that the user will simply approve the push out of habit, allowing the bad actor through.
Recently, more advanced methods of push phishing have emerged, making protection measures more important than ever.