Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud

A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users’ password and session cookie. Their ultimate goal is to access finance-related emails and to hijack ongoing email threads to commit payment fraud and mount business email compromise (BEC) campaigns against other targets, … More →

The post …

bec scams bypass cookies don't miss enterprise fraud mfa microsoft microsoft 365 office office 365 payment phishing session