Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud

2022-07-13 10:53

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts.

The attackers use proxy servers and phishing websites to steal users' password and session cookie.

Their ultimate goal is to access finance-related emails and to hijack ongoing email threads to commit payment fraud and mount business email compromise campaigns against other targets, Microsoft researchers explained.

Phishing Office 365 targets with MFA enabled on their accounts.

There are ways to bypass MFA, and attackers are trying them all: rogue apps, vulnerabilities, legacy authentication protocols, spamming a target user with MFA prompts, and others.

"MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place. Organizations can thus make their MFA implementation 'phish-resistant' by using solutions that support Fast ID Online v2.0 and certificate-based authentication," they noted, and suggested additional solutions and best practices that can be implemented to stymie attackers using these particular tactics.

News URL

https://www.helpnetsecurity.com/2022/07/13/office-365-phishing-mfa/

#365 #bypass #fraud #MFA #office #office365 #payment #phisher

News URL

Related news