Who needs MFA when you’ve got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…
A few times a year I get a wave of false 2 factor requests for Microsoft accounts. It’ll be persistent for a few days or a week, and then stop.
I always get the impression they are hoping the user will just click accept on one of the notifications to make them stop.
This has been happening to me the past few weeks, so I tried turning off app notification sign-in, and the attacker switched to entering passwords until it locked my account.
The only way to unlock it is to reset the password, and MS won’t let me keep my old one … why can’t I use the old one again, especially if I recently changed it already?! The attackers clearly don’t know it, but now they can make me go through the effort of setting a new password every day until I enabled app notification login again.
And then they just switched back to MFA phishing again. The attacker has even stopped bothering making the login request look like it’s coming from the same country I live in.
