Scammers Bypass Microsoft Office 365 MFA In BEC Attacks

Scammers recently conducted a large-scale business email compromise (BEC) bypassing Microsoft Office 365 MFA.

While Microsoft 365 Defender researchers intercepted the cloud-based infrastructure used by scammers, the researchers explained that the attack occurred behind a recent BEC incident involving stolen login information through phishing messages that redirected targets to landing pages that mimicked Microsoft login pages.

It then asks them to enter their passwords under a prefilled username field.

Although multi-factor authentication already blocks stolen inbox credentials, attackers use older protocols to infect emails and bypass MFA.

For more information, read the original story in Bleeping Computer.

Scammers Bypass Microsoft Office 365 MFA In BEC Attacks

Top Stories

Meta cuts jobs as it doubles down on AI

CISA exposed internal passwords and cloud keys in public repository

Jury throws out Elon Musk’s lawsuit against OpenAI and Sam Altman

U.S. carriers team up to counter Starlink’s satellite-to-phone push

ChatGPT now lets Pro users connect bank and investment accounts

Meta employees protest tracking software as layoffs loom

Related Articles

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

Security researcher finds extensive tracking and security concerns inside White House mobile app

Microsoft Defender flags DigiCert root certificates as malware in false positive

TND News Desk

TND News Desk

Jim Love