Verifier Impersonation Attack

What it is
In a verifier impersonation attack, the attacker creates a fake authentication server (or impersonates a real one) to lure users into authenticating with it. This could involve creating a fake login page or sending a fake authentication request.
How it works
- The attacker might create a website or application that looks identical to a legitimate login portal.
- They might send an email or message that appears to be from a trusted source, asking the user to log in.
- The attacker might intercept legitimate authentication requests and redirect users to their fake server.
Why it’s dangerous
When users authenticate with a fake verifier, their credentials and other sensitive information are captured by the attacker, who can then reuse them to gain unauthorized access to the user's accounts or other systems.
- You receive an email that appears to be from your bank, asking you to log in to update your account information. The link leads to a fake login page where you enter your credentials, which the attacker captures.
- An attacker creates a website that looks like a popular social media login page. Users are tricked into logging in, and their credentials are captured.
Best Practices
- Verify the authenticity of the verifier
Always double-check the URL and other details of the authentication server to ensure it’s legitimate.
- Use strong authentication methods
Employ strong passwords, two-factor authentication, and other measures to make it harder for attackers to gain access.
- Be wary of suspicious emails and messages
Be careful when emails ask you to log in or provide sensitive information.
- Use phishing-resistant MFA
Authenticators such as FIDO2/WebAuthn security keys bind each response to the legitimate verifier's origin, so a response captured by a fake verifier cannot be replayed to the real one.
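As an added illustration (not part of this page or of SP 800-63), the following Python models the verifier-side origin and RP ID checks that make a WebAuthn assertion resistant to verifier impersonation; the domains, the challenge and the simplified authenticatorData layout are constructed for the example.

```python
import base64
import hashlib
import json
import secrets

# Constructed example values: the legitimate relying party and a lookalike
# domain an impersonating verifier might use. Neither is a real site.
REAL_ORIGIN = "https://login.bank.example"
REAL_RP_ID = "bank.example"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def authenticator_response(origin: str, rp_id: str, challenge: str) -> dict:
    """Simulate the parts of a WebAuthn assertion that matter for origin binding.
    The browser fills in the origin it is actually talking to; the user cannot
    override it, which is what makes the credential phishing-resistant."""
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    # authenticatorData begins with rpIdHash (32 bytes), then flags and a counter;
    # only the hash is meaningful in this simplified model.
    return {"clientDataJSON": b64url(json.dumps(client_data).encode()),
            "authenticatorData": b64url(rp_id_hash + b"\x05" + b"\x00" * 4)}

def verify_assertion(response: dict, expected_challenge: str) -> bool:
    """Verifier-side checks (before signature verification): type, challenge,
    origin and rpIdHash must all match what this verifier expects."""
    client_data = json.loads(b64url_decode(response["clientDataJSON"]))
    if client_data.get("type") != "webauthn.get":
        return False
    if client_data.get("challenge") != expected_challenge:
        return False  # replayed or stale response
    if client_data.get("origin") != REAL_ORIGIN:
        return False  # response was produced for a different (fake) verifier
    auth_data = b64url_decode(response["authenticatorData"])
    return auth_data[:32] == hashlib.sha256(REAL_RP_ID.encode()).digest()

def demo() -> dict:
    challenge = b64url(secrets.token_bytes(32))
    genuine = authenticator_response(REAL_ORIGIN, REAL_RP_ID, challenge)
    # An impersonating verifier on a lookalike domain relays the real challenge,
    # but the browser stamps the lookalike origin and RP ID into the response.
    relayed = authenticator_response("https://login.bank-example.com",
                                     "bank-example.com", challenge)
    return {"genuine": verify_assertion(genuine, challenge),
            "relayed_from_fake_verifier": verify_assertion(relayed, challenge)}
```

A password relayed the same way would pass, because nothing in it names the verifier it was typed into; that difference is the whole point of the "phishing-resistant" label.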
Definition
A scenario where the Attacker impersonates the Verifier in an authentication protocol, capturing information that is used to masquerade as a Claimant to the real Verifier.
SOURCE: SP 800-63