Security News > 2023 > June > New phishing and business email compromise campaigns increase in complexity, bypass MFA

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions.
The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.
Once the attacker was in possession of a valid session cookie, they started accessing email conversations and documents hosted in the cloud and generated a new access token in order to use the stolen session for longer.
After the phishing emails were sent, the attacker monitored the mailbox and responded to the recipients, who answered with doubts about the phishing email, to falsely confirm that the email was legitimate.
Since the initial attack vector is a phishing email, it is necessary to deploy mailbox security solutions that can detect phishing attempts and raise alerts on emails coming from outside of the company when they follow suspicious behavioral patterns.
Email boxes suddenly starting to send a massive number of emails or suddenly forwarding a lot of emails to another email address should raise alerts and be analyzed carefully.
News URL
https://www.techrepublic.com/article/microsoft-news-business-email-compromise-attacks-phishing/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)