Microsoft 365: While the Victim Is on the Phone, the Attacker Enrolls Their Own Entra Passkey
A vishing campaign abuses Entra passkey enrollment while victims stay on the phone. Learn how it works and how to defend against it. The post Microsoft 365: While the Victim Is on the Phone, the…
Read the full articleYou might also wanna read
Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users

Microsoft Entra Passkey Enrollment Exploited by Hackers
Discover how hackers are misusing Microsoft Entra passkey enrollment to compromise enterprise accounts. Learn how to protect your organizati
Vishing campaign uses fake Microsoft Entra passkey enrollment to target M365 users
A threat actor is using vishing and fake Microsoft Entra passkey enrollment requests to trick Microsoft 365 users into handing over credenti
hendryadrian.com·1d ago
O-UNC-066 Vishing Campaign Abuses Microsoft Entra Passkey Enrollment
A vishing campaign abuses Microsoft Entra passkey enrollment to hijack accounts, according to a report published this week by Okta Threat In
BEC scammers bypass Microsoft 365 multi-factor authentication
This article explains how BEC attacks work, highlights standard techniques and offers security tips against phishers.

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics

Comments
Sign in to join the conversation.
No comments yet. Be the first.