New Phishing Attacks Beat Multi-Factor Authentication on Microsoft 365
Two sophisticated phishing kits are bypassing MFA protections on work accounts. Here's what you need to know to stay protected.
Source
GetCyberRight Intelligence
Original headline: New Phishing Kits Bypass MFA on Microsoft 365
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening
Two new phishing kits called Jalisco and OmegaLord are successfully bypassing multi-factor authentication (MFA) on Microsoft 365 accounts. This matters because millions of professionals have relied on MFA as their primary defense, believing it made their accounts nearly impossible to hack. That assumption is now being actively exploited.
The Details
Think of MFA like a second lock on your door. You need your password (first lock) plus a code from your phone (second lock) to get in. These new phishing kits work differently than old attacks. Instead of trying to guess your password, they trick you into giving attackers both locks at the same time.
Here's how it works: You receive an email that looks exactly like a real Microsoft login page. When you enter your password and MFA code, the attackers instantly use that information to log into your real account before the code expires. It happens so fast you don't notice anything wrong. The fake page even redirects you to the real Microsoft site afterward, so you think everything worked normally.
This technique is called a "man-in-the-middle" attack. The attackers sit between you and Microsoft, collecting your credentials as you type them. They're not breaking MFA. They're tricking you into handing over an already-unlocked door.
Who Is Affected
Anyone using Microsoft 365 for work should pay close attention. This includes employees at companies of all sizes, remote workers, consultants, and business owners. If you use Outlook, Teams, SharePoint, or OneDrive through a work account, you're a potential target.
Family members who share computers or help parents with work tasks should also understand this threat. Attackers often target less tech-savvy users or people working from home who may be more distracted. One compromised account can expose sensitive company data, client information, and even payroll systems.
What You Should Do Right Now
Bookmark your Microsoft 365 login page right now. Always click your bookmark to log in, never links from emails. This single step blocks most of these attacks.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Check the web address before entering any password. The real Microsoft login always starts with "login.microsoftonline.com" or "login.microsoft.com." If it's anything else, close the page immediately.
Enable passwordless authentication in your Microsoft account settings. This uses the Microsoft Authenticator app to approve logins without codes that can be stolen. Ask your IT department to help set this up.
Report suspicious login emails to your IT department immediately. Forward the entire email, even if you're not sure it's fake. IT teams need to know when attacks are targeting your organization.
Use a password manager to autofill login credentials. Password managers only autofill on legitimate websites, so they won't enter your password on a fake phishing page.
The Bigger Picture
This development shows that cybersecurity is not a set-it-and-forget-it checkbox. Attackers constantly adapt to our defenses. MFA remains essential and blocks most attacks, but it's one layer in a security strategy that needs multiple protections. Staying informed about new threats and adjusting your habits accordingly is now a basic life skill, just like locking your car or checking before you cross the street.
How GetCyberRight Can Help
Our GCR Scam Guard tool detects phishing attempts before you even interact with fake login pages. It provides an additional protection layer that works alongside MFA, not instead of it. Scam Guard analyzes links and websites in real-time, warning you when something looks suspicious. Think of it as a security guard who checks IDs before anyone gets near your door. Visit getcyberright.com to learn how Scam Guard protects your family and workplace from evolving threats like Jalisco and OmegaLord.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
New Phishing Attacks Can Bypass Multi-Factor Authentication on Microsoft 365
Two sophisticated phishing toolkits are tricking users into handing over their MFA codes in real time, giving hackers access to Microsoft 365 accounts.
3 min readUS Sanctions VPN Service That Helped Criminals Attack Hospitals and Schools
The US government sanctioned a VPN provider for helping ransomware gangs hide attacks on critical infrastructure. Here's what families need to know.
4 min readCriminal VPN Service Sanctioned for Helping Ransomware Attacks
The US Treasury sanctioned a VPN provider used by ransomware gangs to attack hospitals, schools, and cities while hiding their identities.
4 min readJapan's Largest Taxi Operator Shuts Down After Cyberattack
Nihon Kotsu forced offline to contain breach, affecting thousands. What small businesses can learn from this infrastructure attack.
3 min read