Protecting credentials against social engineering

Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee.

In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing (text-based phishing) cyberattack that targeted a legitimate, highly-privileged user with social engineering—allowing the cyberattacker to impersonate the victim and weaponize a help desk to remove their multifactor authenticated device and register their own.

Read more…
Source: Microsoft