Attackers are cross-checking stolen Office 365 credentials on Azure Active Directory in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.
Google's Threat Analysis Group discovered one attacker exploiting five separate zero days in several applications last year, a highly unusual attack pattern.
A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.
Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.
Japanese media conglomerate Nikkei is the latest victim of BEC scams, as companies continue to fall for this form of fraud.