New phishing campaigns exploit genuine Microsoft authentication dialogs to manipulate users into granting access authorization, bypassing password theft and multi-factor authentication.