New Phishing Attacks Can Bypass Multi-Factor Authentication on Microsoft 365
Two sophisticated phishing toolkits are tricking users into handing over their MFA codes in real time, giving hackers access to Microsoft 365 accounts.
Source
GetCyberRight Intelligence
Original headline: New Phishing Kits Bypass MFA on Microsoft 365
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening
Two new phishing toolkits called Jalisco and OmegaLord are successfully bypassing multi-factor authentication (MFA) on Microsoft 365 accounts. These attacks don't break through your security protections. Instead, they trick you into approving legitimate login requests while hackers steal your access in real time.
The Details
Think of MFA as a second lock on your front door. Even if someone steals your key (password), they still need your approval code to get inside. These new phishing kits work like a skilled con artist standing between you and your door.
Here's how the attack works: You receive what looks like a legitimate Microsoft login page asking for your password. When you enter it, the attacker immediately uses that password to try logging into your real account. This triggers Microsoft to send you an actual MFA code or approval request. Since you just tried to log in (or so you think), you approve it. The attacker now has complete access to your account.
The entire process happens in seconds. The fake login page looks identical to Microsoft's real one. You're responding to a genuine MFA request from Microsoft. Everything feels legitimate because the attackers are operating in real time, using your credentials as you provide them.
Who Is Affected
Anyone using Microsoft 365 for work or personal use should pay attention. This includes professionals accessing work email, small business owners managing company accounts, and families using Microsoft services like Outlook, OneDrive, or Teams.
The risk is highest for people who regularly receive login links through email or text messages. If your work involves handling sensitive information, financial data, or access to company systems, you're a prime target for these attacks.
What You Should Do Right Now
Never click login links in emails or texts. Instead, type the website address directly into your browser or use a bookmarked link you created yourself.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Check the website address carefully before entering credentials. Look for subtle misspellings like "microsofft.com" or extra words like "microsoft-login-verify.com."
Question unexpected MFA requests. If you get an approval notification but didn't just try to log in, reject it immediately and change your password.
Use hardware security keys for MFA when possible. These physical devices provide stronger protection than codes sent via text or app because they verify the actual website address.
Report suspicious login pages to your IT department or Microsoft. Your report could protect others from falling victim.
The Bigger Picture
This attack represents a troubling evolution in phishing tactics. Cybercriminals are no longer trying to break through security measures. They're engineering situations where we willingly hand over access. As authentication methods get stronger, attackers are getting better at manipulating human behavior. Staying informed about these tactics is your best defense against becoming a victim.
How GetCyberRight Can Help
Our GCR Scam Guard tool is designed to detect sophisticated phishing attempts like Jalisco and OmegaLord before you interact with them. It analyzes links and login pages in real time, identifying the subtle signs that distinguish fake pages from legitimate ones. Even when phishing kits evolve to bypass traditional security measures, Scam Guard provides an additional layer of protection for your family and business.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
New Phishing Attacks Beat Multi-Factor Authentication on Microsoft 365
Two sophisticated phishing kits are bypassing MFA protections on work accounts. Here's what you need to know to stay protected.
4 min readUS Sanctions VPN Service That Helped Criminals Attack Hospitals and Schools
The US government sanctioned a VPN provider for helping ransomware gangs hide attacks on critical infrastructure. Here's what families need to know.
4 min readCriminal VPN Service Sanctioned for Helping Ransomware Attacks
The US Treasury sanctioned a VPN provider used by ransomware gangs to attack hospitals, schools, and cities while hiding their identities.
4 min readJapan's Largest Taxi Operator Shuts Down After Cyberattack
Nihon Kotsu forced offline to contain breach, affecting thousands. What small businesses can learn from this infrastructure attack.
3 min read