The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

from Dark Reading https://ift.tt/1vZGwfi
via IFTTT