Today there is an excellent illustration of how a phishing attack works on SANS Internet Storm. It is complete with the offer of something the victim wants and then simply steals the Microsoft credentials the victim supplies – all because of a well-crafted spam email.
Credential Harvesting with Telegram API – SANS Internet Storm Center
Have a look at the blog post there – because it explains why your team needs to be kept up to date with latest ways that threat actors set about compromising your organisation’s cyber security by simply stealing the keys to the door – credentials…
Online Cyber Security Awareness Training
Ah, you say, “We have MFA enabled”.
You have to have MFA enabled but it is not the complete security solution as it can be defeated: