I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022

This post was original published on 27 June 2022

Update 14 July 2022

Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication:

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud – Microsoft Security Blog

Phishing is a high value cyber attack and this motivates the threat actors – you need to take action:

$8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)


Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two factor authentication (2FA). All have the same function to securely provide a one time password (OTP), only to the authorised user, so they can get access to a service. Examples of services that implement MFA for added security are; Microsoft 365, Google, WordPress and Amazon among many, many others.

A Quick overview of MFA:

Multifactor Authentication | MFA | Microsoft Security

Original Post:

Here is a story on how the threat actors can bypass your MFA security:

Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)

Of course it uses phishing emails and social engineering to steal your authentication cookies.

phishing emails
Cyber Security Experts | Awareness | Training (cyberawake.co.uk)

Please Note:

I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.

MFA 200