- Okta warns GenAI tool v0.dev is being exploited to build phishing sites
- The malicious sites are being hosted on Vercel infrastructure to appear more legitimate
- AI tools are also commonly citing false URLs, putting unsuspecting users at risk of attacks
New Okta research has revealed how threat actors are using Vercel’s v0.dev to build realistic phishing sites which mimic legitimate sign-in pages, with researchers successfully reproducing the alleged technique to prove its feasibility.
v0.dev allows users to create web interfaces from simple, natural language prompts, which researchers say is concerning because the technology has now been proven to lower the technical barrier for phishing attacks and other types of cybercrime.
Although Vercel and Okta have worked together to restrict access to known sites, many argue there’s very little that can be done to prevent such attacks now that AI tools have become so widespread.
GenAI is now creating phishing sites
Okta found the fake phishing sites reproducing company logos and other brand assets to avoid raising suspicion among unsuspecting victims, with the sites hosted on Vercel’s infrastructure to appear more legitimate. Microsoft 365 and fake crypto sites were among the most popular.
The open source availability of v0.dev clones and guides on GitHub has also broadened access to these capabilities for less experienced developers and attackers.
Okta is recommending that all users set up multi-factor authentication on supported accounts, binding authenticators to original domains via tools like Okta FastPass to ensure that fake sites don’t get access to your credentials.
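To show why origin-bound authenticators defeat a pixel-perfect clone, here is an added example (not Okta's or Vercel's code) of the pre-signature checks a WebAuthn relying party runs on an assertion: the browser, not the page, writes the origin into clientDataJSON, so a credential registered for the real domain cannot produce a valid assertion from a lookalike. The RP ID, origins and byte strings are constructed placeholders.

```python
import base64
import hashlib
import json

# Constructed relying-party identity; credentials were registered under this RP ID.
RP_ID = "login.example.com"
ALLOWED_ORIGINS = {"https://login.example.com"}


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def check_assertion(client_data_json, authenticator_data, expected_challenge):
    """Return (ok, reason) for the origin/RP-ID binding checks of a WebAuthn
    assertion. In a real RP the signature over
    authenticator_data || SHA-256(client_data_json) is verified after these pass."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (stale or replayed assertion)"
    origin = cd.get("origin", "")
    # The browser fills in the origin of the page that called navigator.credentials.get();
    # a cloned sign-in page on another domain cannot forge this field.
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} is not bound to RP {RP_ID!r}"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    # First 32 bytes are SHA-256(rpId); the authenticator scopes the key to this hash.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:
        return False, "user presence (UP) flag not set"
    return True, "binding checks passed"


def make_client_data(origin, challenge):
    """Build a clientDataJSON blob as a browser would (constructed test input)."""
    chal = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    return json.dumps({"type": "webauthn.get", "challenge": chal,
                       "origin": origin, "crossOrigin": False}).encode()


def make_auth_data(rp_id, flags=0x01, counter=0):
    """rpIdHash (32) || flags (1) || signCount (4), as an authenticator emits it."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")
```

Running check_assertion on a clientDataJSON whose origin is a lookalike domain fails at the origin check before any signature is examined, which is the property Okta's recommendation relies on.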
“Organizations can no longer rely on teaching users how to identify suspicious phishing sites based on imperfect imitation of legitimate services,” Okta’s researchers noted.
Companies should also update their cybersecurity training programs to address risks from AI-generated phishing attacks and social engineering.
The news comes soon after another report revealed that around one-third of GenAI chatbot responses containing login URLs were false, with attackers registering false domains that are cited by tools like ChatGPT to establish their own phishing campaigns.