You may have heard about a new phishing tool called Modlishka, and have questions about its potential impact on multi-factor authentication or single sign-on. To be clear, Modlishka is not a vulnerability in MFA or SSO. Rather, it is an automation tool designed to make it easier for attackers to phish your employees. In this post, I will outline how Modlishka works, best practices to mitigate the risk of these types of attacks within your Okta environment, and why tools like Modlishka are actually good for the security industry.

How Modlishka Works

The objective of Modlishka is to lure end users to a fake site in order to steal credentials such as usernames, passwords and 2FA factors that traverse the same communication channel. To accomplish this, Modlishka acts as a man-in-the-middle by utilizing a known web hosting technique called ‘reverse proxying’. The process looks something like.