Bottom Line: New phishing campaigns exploit genuine Microsoft authentication dialogs to manipulate users into granting access authorization, making password theft unnecessary and bypassing multi-factor authentication.
Security researchers from ESET have documented a new phishing variant in which attackers do not lure users into revealing passwords, but instead ask them to grant explicit account access authorization. This circumvents conventional verification mechanisms and multi-factor authentication.
The attack scheme uses genuine Microsoft authentication dialogs. Criminals redirect victims to a deceptively authentic login page that imitates the legitimate Microsoft sign-in procedure. However, after entering login credentials, a modified prompt appears that asks users to authorize access through a “device administrator” or similar role.
The critical difference from traditional phishing lies in the psychology: instead of cryptic requests for passwords, users see a formally correct Microsoft dialog requesting approval. Many users routinely accept such prompts because they occur in genuine administrative scenarios. The authorization thus bypasses multi-factor authentication as well, since the second layer is already controlled by the attacker.
For CISOs, this means that traditional phishing awareness training alone becomes insufficient. Technical measures such as Conditional Access Policies, anomaly detection in authentication processes, and strict restrictions on privileged authorization procedures become increasingly important. The risk particularly affects organizations whose users rely on Azure AD or Microsoft 365.
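A minimal detection rule for the authorization-grant pattern described above, added here as an example and not part of the original article or of any Microsoft or ESET tooling. The event records and their field names are constructed for illustration, not a real Azure AD audit-log schema; the privileged role list and the 10-minute window are assumptions a team would tune to its own tenant.

```python
from datetime import datetime, timedelta

# Constructed sample events (field names are assumptions, not a real log schema).
EVENTS = [
    {"ts": "2026-06-16T09:00:00", "user": "alice@example.com", "type": "signin"},
    {"ts": "2026-06-16T09:02:10", "user": "alice@example.com", "type": "authorize",
     "role": "Device Administrator"},
    {"ts": "2026-06-16T10:15:00", "user": "bob@example.com", "type": "signin"},
    {"ts": "2026-06-16T11:40:00", "user": "bob@example.com", "type": "authorize",
     "role": "Mail.Read"},
    {"ts": "2026-06-16T12:00:00", "user": "carol@example.com", "type": "authorize",
     "role": "Global Administrator"},
]

# Roles whose grant should always be reviewed (assumed list; extend per tenant).
PRIVILEGED_ROLES = {"device administrator", "global administrator",
                    "privileged role administrator"}
# A grant this soon after sign-in matches the "sign in, then approve" flow.
GRANT_WINDOW = timedelta(minutes=10)


def flag_suspicious_grants(events, privileged=PRIVILEGED_ROLES, window=GRANT_WINDOW):
    """Return (user, role, reasons) for every authorization grant that is
    privileged, follows a sign-in within `window`, or has no preceding sign-in."""
    last_signin = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "signin":
            last_signin[ev["user"]] = ts
            continue
        reasons = []
        if ev["role"].lower() in privileged:
            reasons.append("privileged_role")
        signin_ts = last_signin.get(ev["user"])
        if signin_ts is None:
            reasons.append("no_preceding_signin")
        elif ts - signin_ts <= window:
            reasons.append("grant_shortly_after_signin")
        if reasons:
            findings.append((ev["user"], ev["role"], reasons))
    return findings


if __name__ == "__main__":
    for user, role, reasons in flag_suspicious_grants(EVENTS):
        print(f"{user} granted '{role}': {', '.join(reasons)}")
```

In practice the same rule would run over the tenant's real audit export, and a Conditional Access policy would block the grant outright rather than only alert on it.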
Source: itwelt.at · Published 16 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.