A new type of Office 365 Phishing attack uses the legitimate Microsoft login page to bypass multi-factor authentication. The attack grants certain permissions to threat actors, compromising the target user’s account and its data. SKOUT advises businesses to conduct security awareness trainings, especially covering how to spot phishing attacks. This is becoming increasing important because the sophistication and volume of phishing attacks has been trending up.
See the full advisory at SKOUT.