West Houston, TX — July 2025 — Impress IT Solutions, a cybersecurity and IT services provider based in West Houston, is sounding the alarm after cybersecurity researchers exposed a new phishing tactic that bypasses FIDO2 security keys. The attack, carried out by a cybercrime group known as PoisonSeed, abuses legitimate features of cross-device sign-in flows—making even strong multi-factor authentication (MFA) vulnerable.
🚨 What’s the Threat?
PoisonSeed, a phishing group previously tied to crypto wallet theft and CRM credential compromises, has developed a method to exploit the QR-based sign-in process used in modern FIDO2 authentication.
Instead of attacking the FIDO protocol itself (which remains secure), PoisonSeed manipulates the hybrid transport mechanism used when a login is approved via QR code scanning between two devices. This allows them to bypass phishing-resistant protections—and it’s a tactic Impress IT says is a rising concern for Houston-area businesses.
🧠 How the Attack Works
- A phishing email leads the user to a spoofed company login page, mimicking platforms like Okta or Microsoft 365.
- Once login credentials are entered, the attacker forwards them to the real site and requests login via QR code sign-in.
- The legitimate portal displays a QR code—intended for secure cross-device login—and the attacker copies it to the fake phishing site.
- The victim unknowingly scans the QR code with their real authenticator app, believing it’s legitimate.
- The attacker’s session is authenticated. They’re in.
“What makes this attack so dangerous is that it doesn’t ‘break’ MFA—it abuses its most trusted mechanisms,” says the security team at Impress IT Solutions.
🔐 How Impress IT Solutions Keeps Houston Safe
Impress IT Solutions offers managed cybersecurity services tailored to West Houston’s business community—from medical practices and legal firms to construction companies and remote teams. Their security stack is already designed to defend against exactly this kind of attack.
🔍 Phishing Simulation & Employee Training
- Real-world phishing exercises that teach employees how to spot fake login pages and unexpected QR code prompts.
- Easy-to-understand guidance on when not to scan a code, especially outside a known app.
🔑 FIDO2 With Contextual Checks
- Enforces proximity-based checks (like Bluetooth/NFC) during FIDO2 logins to prevent remote QR sign-ins.
- Implements same-device-only MFA approval when possible.
📱 QR Code Behavior Monitoring
- Detects anomalies like:
  - QR code logins from unexpected devices
  - New FIDO key enrollments
  - Off-hours or geo-anomalous authentication attempts
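The monitoring signals listed above, applied to authentication events in an added example (not code from Impress IT or from the original page). The event field names, the known-device and home-country sets, the business-hours range and the 30-minute window are assumptions, the sample events are constructed, and the check for a key enrollment shortly after a QR sign-in is a correlation that goes beyond the list itself.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not a real IdP schema.
EVENTS = [
    {"ts": "2025-07-21T14:05:00", "user": "alice", "type": "signin",
     "transport": "usb", "device_id": "lt-001", "country": "US"},
    {"ts": "2025-07-22T02:40:00", "user": "bob", "type": "signin",
     "transport": "hybrid", "device_id": "unknown-77", "country": "XX"},
    {"ts": "2025-07-22T02:46:00", "user": "bob", "type": "fido_enroll",
     "transport": None, "device_id": "unknown-77", "country": "XX"},
    {"ts": "2025-07-22T10:15:00", "user": "carol", "type": "signin",
     "transport": "hybrid", "device_id": "lt-003", "country": "US"},
]
KNOWN_DEVICES = {"alice": {"lt-001"}, "bob": {"lt-002"}, "carol": {"lt-003"}}
HOME_COUNTRIES = {"US"}               # assumed policy
BUSINESS_HOURS = range(7, 19)         # 07:00-18:59, assumed policy
ENROLL_WINDOW = timedelta(minutes=30) # assumed correlation window

def detect(events):
    """Return (timestamp, user, reason) alerts for the listed anomalies."""
    alerts, last_qr = [], {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts, user, reasons = datetime.fromisoformat(e["ts"]), e["user"], []
        if e["type"] == "signin":
            if e["transport"] == "hybrid":  # cross-device (QR) sign-in
                last_qr[user] = ts
                if e["device_id"] not in KNOWN_DEVICES.get(user, set()):
                    reasons.append("qr_signin_unexpected_device")
            if ts.hour not in BUSINESS_HOURS:
                reasons.append("off_hours")
            if e["country"] not in HOME_COUNTRIES:
                reasons.append("geo_anomaly")
        elif e["type"] == "fido_enroll":
            reasons.append("new_fido_key")
            prev = last_qr.get(user)
            # A key added right after a QR sign-in may be attacker persistence.
            if prev is not None and ts - prev <= ENROLL_WINDOW:
                reasons.append("enroll_after_qr_signin")
        alerts += [(e["ts"], user, r) for r in reasons]
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```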
🔄 Secure Account Recovery
- Locks down password reset workflows using phishing-resistant identity checks
- Ensures no rogue FIDO keys can be silently added after a breach
⚠️ Lessons for Local Businesses
Impress IT Solutions emphasizes that while FIDO2 remains one of the best tools for phishing resistance, its implementation matters.
“If you’re scanning a QR code to log in, always check the browser domain and make sure the request came from your own action—not an email,” says their security lead. “If a fake site convinces you to scan a legitimate QR code, your whole MFA setup is bypassed.”
🧩 Recommendations From Impress IT
To protect your team and customers, Impress IT recommends:
- Require hardware-bound MFA (e.g. USB keys or Face ID on-device)
- Disable cross-device QR sign-in unless strictly needed
- Monitor for new device enrollments
- Use phishing-resistant recovery methods (not email-based resets)
- Display detailed login info (like device type and location) on sign-in prompts
🛡️ Get Protected Today
If you’re in West Houston and unsure whether your business is protected against QR-based phishing and MFA downgrades, now is the time to act. Impress IT Solutions can help you harden your identity systems, train your staff, and implement cutting-edge security before an attacker strikes.
🧠 Security isn’t just a checkbox—it’s a mindset. Let Impress IT Solutions help your business think like a hacker, so you don’t get hit like one.
📞 Contact Impress IT Solutions today for a cybersecurity consultation and protect your team from advanced phishing and MFA abuse.
