[THEME] Clone detection
The Clone Detection theme protects your organization against Adversary-in-the-Middle (AiTM) phishing attacks. In an AiTM attack, a criminal creates a clone of the Microsoft 365 login page to intercept user credentials and session tokens in real-time, effectively bypassing multi-factor authentication.
What does Attic do?
Attic applies a unique visual fingerprint to your Microsoft 365 login page. This fingerprint allows us to detect when an attacker creates a clone of your login portal. When a clone is detected, Attic immediately alerts you so that swift action can be taken.
The checks in this theme verify that:
- Clone Detection is installed and active on the login page
- Clone Mitigation measures are in place
- The Login Seal is properly configured
- No active clones of your login page have been detected
Why is this important?
AiTM attacks are one of the most effective methods used by cybercriminals today. Because they can bypass MFA, traditional security measures alone are not sufficient. Early detection of login page clones gives your organization the ability to respond before credentials are compromised.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1109 | Clone Detection |
| CHK-1103 | Clone Intervention Screen |
| CHK-1110 | Login Authenticity Seal |
| CHK-1158 | Microsoft365 Portal Clone Detected |