Microsoft 365 business users targeted with new DocuSign phishing scam


In an effort to compromise the accounts of company executives and fraudulently redirect business money, a new business email compromise (BEC) campaign has been targeting Microsoft 365 enterprises.

Researchers from the cyber security company Mitiga discovered that the hackers are taking use of built-in flaws in Microsoft Authenticator, the multi-factor authentication (MFA) feature of Office 365, and Microsoft 365 Identity Protection. In order to compromise email accounts, the assaults mix spear-phishing techniques with man-in-the-middle techniques. Read More…