Phishers steal Office 365 users session cookies to bypass MFA commit payment fraud


Since September 2021, a huge phishing campaign that targets Office 365 customers in over 10,000 organisations has been able to get past the multi-factor authentication safeguards put in place to secure the accounts.

According to Microsoft experts, their ultimate objective is to get access to emails pertaining to finances, hijack active email threads, and engage in payment fraud in order to launch business email compromise campaigns against further targets. Read More…