Skip to main content
    New Phishing Attacks Beat Multi-Factor Authentication on Microsoft 365
    Cybersecurity
    Important
    4 min read

    New Phishing Attacks Beat Multi-Factor Authentication on Microsoft 365

    Two sophisticated phishing kits are bypassing MFA protections on work accounts. Here's what you need to know to stay protected.

    Source

    GetCyberRight Intelligence

    Original headline: New Phishing Kits Bypass MFA on Microsoft 365

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Tuesday, July 14, 20264 min read
    Share:

    What's Happening

    Two new phishing kits called Jalisco and OmegaLord are successfully bypassing multi-factor authentication (MFA) on Microsoft 365 accounts. This matters because millions of professionals have relied on MFA as their primary defense, believing it made their accounts nearly impossible to hack. That assumption is now being actively exploited.

    The Details

    Think of MFA like a second lock on your door. You need your password (first lock) plus a code from your phone (second lock) to get in. These new phishing kits work differently than old attacks. Instead of trying to guess your password, they trick you into giving attackers both locks at the same time.

    Here's how it works: You receive an email that looks exactly like a real Microsoft login page. When you enter your password and MFA code, the attackers instantly use that information to log into your real account before the code expires. It happens so fast you don't notice anything wrong. The fake page even redirects you to the real Microsoft site afterward, so you think everything worked normally.

    This technique is called a "man-in-the-middle" attack. The attackers sit between you and Microsoft, collecting your credentials as you type them. They're not breaking MFA. They're tricking you into handing over an already-unlocked door.

    Who Is Affected

    Anyone using Microsoft 365 for work should pay close attention. This includes employees at companies of all sizes, remote workers, consultants, and business owners. If you use Outlook, Teams, SharePoint, or OneDrive through a work account, you're a potential target.

    Family members who share computers or help parents with work tasks should also understand this threat. Attackers often target less tech-savvy users or people working from home who may be more distracted. One compromised account can expose sensitive company data, client information, and even payroll systems.

    What You Should Do Right Now

    1. Bookmark your Microsoft 365 login page right now. Always click your bookmark to log in, never links from emails. This single step blocks most of these attacks.

    Stay one step ahead of scammers

    Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.

  1. Check the web address before entering any password. The real Microsoft login always starts with "login.microsoftonline.com" or "login.microsoft.com." If it's anything else, close the page immediately.

  2. Enable passwordless authentication in your Microsoft account settings. This uses the Microsoft Authenticator app to approve logins without codes that can be stolen. Ask your IT department to help set this up.

  3. Report suspicious login emails to your IT department immediately. Forward the entire email, even if you're not sure it's fake. IT teams need to know when attacks are targeting your organization.

  4. Use a password manager to autofill login credentials. Password managers only autofill on legitimate websites, so they won't enter your password on a fake phishing page.

  5. The Bigger Picture

    This development shows that cybersecurity is not a set-it-and-forget-it checkbox. Attackers constantly adapt to our defenses. MFA remains essential and blocks most attacks, but it's one layer in a security strategy that needs multiple protections. Staying informed about new threats and adjusting your habits accordingly is now a basic life skill, just like locking your car or checking before you cross the street.

    How GetCyberRight Can Help

    Our GCR Scam Guard tool detects phishing attempts before you even interact with fake login pages. It provides an additional protection layer that works alongside MFA, not instead of it. Scam Guard analyzes links and websites in real-time, warning you when something looks suspicious. Think of it as a security guard who checks IDs before anyone gets near your door. Visit getcyberright.com to learn how Scam Guard protects your family and workplace from evolving threats like Jalisco and OmegaLord.

    Protect Yourself

    Use our GCR Scam Guard to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: GetCyberRight Intelligence

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.