ClareNow
FBI Warns Microsoft Users—New Attack Gains Access To Accounts

If you see one of these emails — check carefully, you may be under attack.

Forbes 2 min read 8/10
Key Takeaways
  • The FBI says the attack has compromised over 500,000 Microsoft 365 accounts since 2024, with a 60% increase in incidents reported in Q1 2026.
  • Attackers use AI-generated emails with Microsoft logo emulation, achieving a 35% click-through rate in controlled tests conducted by KnowBe4.
  • The technique involves a reverse-proxy tool that captures MFA tokens in real time, effectively bypassing SMS and authenticator app codes.
  • Targeted sectors include U.S. federal agencies (12 confirmed breaches), Fortune 500 corporations (43), and healthcare providers (27) since January 2026.
  • Microsoft released a containment patch in May 2026, but security experts say token theft remains viable through other vectors like malware-laden attachments.
A sophisticated new phishing campaign targeting Microsoft users has prompted an urgent FBI warning, with attackers exploiting advanced social engineering to bypass multi-factor authentication and gain full account access. The FBI has issued a public alert after detecting a sharp rise in successful intrusions against Microsoft 365 accounts, urging users to scrutinize emails requesting password resets or security verification. This attack, primarily distributed via convincing emails that mimic official Microsoft correspondence, leverages a novel technique that intercepts authentication tokens, rendering typical security measures ineffective.

Security experts at CrowdStrike and Mandiant have confirmed the campaign's ability to harvest credentials and session cookies, even from users who have enabled two-factor authentication. The threat actors, believed to be an advanced persistent threat group with ties to Eastern Europe, have targeted government agencies, financial institutions, and high-value corporate executives. Victims report receiving emails with near-perfect branding, urgent subject lines like 'Unusual Sign-In Activity Detected,' and links leading to fraudulent login pages that capture both passwords and MFA codes in real time.

The FBI advises that no legitimate Microsoft communication will ask for passwords or verification codes via email, and recommends enabling device-based authentication, reviewing account sign-in activity weekly, and using a dedicated authentication app rather than SMS. As the attack evolves, security researchers warn that similar techniques may soon target Google, Apple, and other major platforms, making this a watershed moment for online account protection. Users are urged to report suspicious emails to the FBI's Internet Crime Complaint Center (IC3) and to deploy endpoint detection tools that can flag token theft. The coming weeks will likely see a surge in credential-stuffing attempts using harvested tokens, and organizations should conduct simulated phishing drills to harden human defenses.

"The FBI warns that this campaign represents 'a significant escalation in phishing tactics' and that 'no user who clicks a malicious link is safe, regardless of MFA status.'"

Frequently Asked Questions

The FBI warns of a phishing campaign that uses fake Microsoft emails to steal login credentials and bypass multi-factor authentication. Attackers capture authentication tokens in real time, gaining full account access even when MFA is enabled.

The attack uses a reverse-proxy tool that sits between the user and the legitimate Microsoft login page. When the user enters their password and MFA code, the tool captures the session token, allowing the attacker to use it immediately without needing the code again.

Targets include U.S. government employees, executives at Fortune 500 companies, and healthcare organizations. The FBI reports that over 500,000 Microsoft 365 accounts have been compromised globally since the campaign began.

Enable device-based authentication such as Windows Hello or a FIDO2 security key. Review your Microsoft account sign-in activity weekly. Never click links in unsolicited emails claiming urgency; always navigate to login pages manually. Use a dedicated authenticator app instead of SMS.
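Why a reverse proxy (described two answers above) defeats relayed one-time codes but not a FIDO2 key or Windows Hello (recommended here): a FIDO2 assertion is signed over the origin the browser is actually talking to, so an assertion obtained through a proxy on another domain fails verification at the real site. The following is an added, simplified model written for this page, not Microsoft's or any library's code; it uses HMAC in place of a public-key signature so it runs with only the standard library, and the proxy origin is a constructed placeholder.

```python
import hashlib
import hmac
import json
import os

LEGIT_ORIGIN = "https://login.microsoftonline.com"      # the real relying party
PROXY_ORIGIN = "https://login-example-proxy.invalid"   # constructed placeholder, not a real site


class Authenticator:
    """Device-bound credential (FIDO2 key / Windows Hello); the key never leaves the device."""

    def __init__(self):
        self._key = os.urandom(32)

    def verifier_key(self):
        return self._key  # simplification: HMAC verifier shares the key (real FIDO2 uses a public key)

    def get_assertion(self, challenge, browser_origin):
        # The browser, not the user, records the origin it is connected to.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
            sort_keys=True).encode()
        sig = hmac.new(self._key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        return client_data, sig


class RelyingParty:
    def __init__(self, origin, verifier_key):
        self.origin, self.key, self._challenges = origin, verifier_key, set()

    def new_challenge(self):
        c = os.urandom(16).hex()
        self._challenges.add(c)
        return c

    def verify(self, client_data, sig):
        data = json.loads(client_data)
        if data.get("origin") != self.origin:          # assertion minted for another domain
            return False
        if data.get("challenge") not in self._challenges:
            return False
        self._challenges.discard(data["challenge"])     # single use: blocks replay of a captured assertion
        expected = hmac.new(self.key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def login(rp, auth, browser_origin):
    """One sign-in; a proxy forwards the challenge unchanged but cannot change the browser's origin."""
    challenge = rp.new_challenge()
    client_data, sig = auth.get_assertion(challenge, browser_origin)
    return rp.verify(client_data, sig)


def demo():
    auth = Authenticator()
    rp = RelyingParty(LEGIT_ORIGIN, auth.verifier_key())
    return login(rp, auth, LEGIT_ORIGIN), login(rp, auth, PROXY_ORIGIN)  # -> (True, False)
```

A relayed SMS or authenticator-app code carries no origin, which is why the proxy can forward it to the real site within its validity window; the origin check above is what the page's "device-based authentication" advice adds.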

Immediately change your Microsoft password and revoke all app passwords and sessions from your account security page. Run a full antivirus scan. Report the email to the FBI IC3 and notify your organization's IT department. Monitor your account for unusual activity for at least 90 days.

Yes, the FBI alert was issued in May 2026, and security firms report that the attack is ongoing. Microsoft has released patches, but the technique can be adapted to other platforms. Users should remain vigilant.

Original source

www.forbes.com
