Phishing on T-Mobile's Okta

Published on:

June 13, 2022

A small list of domains we are seeing registered

We're seeing what could be a precursor to a phishing attack on T-Mobile's Okta instance. The domains we're seeing are registered through CSC Global and Namecheap, hosted on Linode and DigitalOcean We'll keep you posted on updates, in the meantime, here are the domains:
okta-tmobiie[.]net
t-mobile-okta[.]us
okta-oath[.]com
t-mobile-okta[.]com
okta-tmobile[.]org
okta-tmo[.]org"

Related Content

SecuritySnacks

Cybersecurity Reading List - Week of 2026-06-01

Commentary followed by links to cybersecurity articles and resources that caught our interest internally.

Learn More

SecuritySnacks

SecuritySnack - Hijacking Corporate Sessions

A sophisticated AiTM phishing kit bypassing traditional MFA to steal Microsoft 365 session cookies. Get the full breakdown and IOCs.

Learn More

SecuritySnacks

Cybersecurity Reading List - Week of 2026-05-04

Systems thinking, biolistics, and the danger of mop-up science in infosec — plus this month's reading on ransomware, RPKI exploits, cPanel, and LLM pollution.

Learn More

Phishing on T-Mobile's Okta

A small list of domains we are seeing registered

Heading