Phishing on T-Mobile's Okta

Published on:

June 13, 2022

A small list of domains we are seeing registered

We're seeing what could be a precursor to a phishing attack on T-Mobile's Okta instance. The domains we're seeing are registered through CSC Global and Namecheap, hosted on Linode and DigitalOcean We'll keep you posted on updates, in the meantime, here are the domains:
okta-tmobiie[.]net
t-mobile-okta[.]us
okta-oath[.]com
t-mobile-okta[.]com
okta-tmobile[.]org
okta-tmo[.]org"

Related Content

SecuritySnacks

SecuritySnack - CloudFlare Anti-Security For Phishing

A Microsoft 365 credential harvesting campaign is exploiting CloudFlare's anti-bot and human verification features to evade detection. Learn how attackers use IP blocklists, user-agent filtering, and obfuscated scripts to bypass security scanners—and what it means for the industry.

Learn More

SecuritySnacks

Cybersecurity Reading List - Week of 2026-03-02

A broken snowblower belt taught me something cybersecurity professionals often forget — saying "I don't know" isn't failure. It's where the real work begins.

Learn More

SecuritySnacks

SecuritySnack - Idolized Crypto Scams

An analysis of an active cryptocurrency scam operation impersonating Trump, Musk, and Truth Social across 250+ domains — uncovering shared wallet infrastructure, on-chain laundering pipelines, and the tactics used to fake legitimacy.

Learn More

Phishing on T-Mobile's Okta

A small list of domains we are seeing registered

Heading