Threat actors don't need your password or MFA to compromise your users
Cybersift is observing a modern type of phishing attacks on Office 365 users which deviate from the typical fake login web page, we analysts are typically accustomed to seeing. The new phishing attack utilizes device registration to compromise the victim’s account, meaning that the threat actor does not require to steal your password to gain entry. But this modern phishing attack is smarter than you might think. Case Study We analyzed a phishing email which utilized a device registration...
