A years-long research effort between computer scientists at Stony Brook University and private industry researchers have found more than 1,000 new and more sophisticated phishing automation toolkits across the globe. What’s interesting about this effort is these tools can help subvert the multi-factor authentication (MFA) of just about any website using two key techniques, man-in-the-middle (MITM), and reverse web proxies. Let’s talk about how the attack works, how these tools were found in the wild, and what you can do about them to keep using MFA to protect your own logins.