DemoBlade

Threat post logo

News

Beta news logo

Bleeping computer logo

Employees using Microsoft Office 365 are targeted in a phishing campaign that makes use of bait messages camouflaged as automated SharePoint notifications to steal their accounts.

Office 365 phishing baits employees with fake SharePoint alerts

Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.

Attackers bypass multi-factor authentication to hijack email accounts

Health it security logo

Dark reading logo

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.

Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Business Email Compromise Attacks Involving MFA Bypass Increase

Researchers observed an increase in business email compromise phishing campaigns able to bypass MFA, while Trend Micro found an uptick in BEC scams targeting executive Office 365 accounts.

BEC Phishing Campaigns Bypass MFA, Target Office 365 Executive Accounts

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place.

Attackers Hone in on MFA Bypass Options for Account Takeovers

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain…

description

spraying, techniques, common, mount, account, takeovers, methodical, cybercriminals, able, gain, access, accounts, secure, password, protocols

keywords

https://images.abnormalsecurity.com/production/images/press/threat-post-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631720028&s=b8c5a0070734ff65b23294606fc23fb2

https://abnormalsecurity.com/about/news/attackers-hone-in-on-mfa-bypass-options-for-account-takeovers

referrer

robots

twitter:card

twitter:creator

twitter:description

https://images.abnormalsecurity.com/production/images/press/threat-post-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631720028&s=8193d176b3e66215b98f5517e3e2ccc2

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Attackers Hone in on MFA Bypass Options for Account… | Abnormal"}}

Demo

Schedule a Demo

AI's Role in Cyber Defense

CNBC Disruptor 50: Abnormal Security

Generative AI Could Revolutionize Email—for Hackers

Ones to Watch in Tech

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

Newsroom

<p>Abnormal Named a Leader in Gartner® Magic Quadrant™ </p>

vs Mimecast

vs Avanan

Secondary CTA

Whether FormComplete is utilized on a form

FormComplete

CTA Display

What text is displayed on the primary CTA (see sheet for details on copy)

Primary CTA Text

Form Columns

chakra-ui-ChakraProvider

Button

Footer

FramerWrapper

Container

Screen

PrimaryCtaText

FormColumns

CtaDisplay

VsMimecast

SecondaryCta

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

plasmic-nav

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

loading-boundary

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

Abnormal Marketing

antd5 hostless

react-slick

react-quill

Gartner mq 4x

Analyst Research

Gartner names Abnormal a Leader in Email Security Platforms, placed furthest for Completeness of Vision.

Abnormal Named a Leader in 2024 Gartner® Magic Quadrant™

Email Security

B 5 Emerging Attacks to Expect in 2025 White Paper

Threat Reports

Explore five emerging email threats for 2025 and learn how AI-native solutions can protect your organization from evolving cyberattacks.

Inbox Under Siege: 5 Email Attacks You Need to Know for 2025

Threat Intel

B 1500x1500 MKT743 CISO Guide to SOC Productivity

White Papers

Explore how AI-driven automation is transforming SOC operations and enabling security teams to combat modern threats more effectively.

CISO Guide to SOC Productivity

Security Operations Center (SOC)

Attackers Hone in on MFA Bypass Options for Account Takeovers

Get AI Protection for Your Human Interactions