A new type of Office 365 Phishing attack uses the legitimate Microsoft login page to bypass multi-factor authentication. The attack grants certain permissions to threat actors, compromising the target user’s account and its data. SKOUT advises businesses to conduct security awareness trainings, especially covering how to spot phishing attacks. This is becoming increasingly important because the sophistication and volume of phishing attacks have been trending up.
See the full advisory at SKOUT.