Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication (MFA) protection to hijack enterprise Microsoft accounts.

Read full article on Help Net Security