Hackers Tricking Employees to Bypass Login Security
What We Saw in 2025
Criminals called employees pretending to be IT support and sent real-time fake login pages. This let them break into Microsoft 365, Google, Salesforce, and file systems.
Source: TechRadar
2026 Outlook
More fake helpdesk calls, fake device setup requests, and MFA “approval spam” attacks—especially where SMS codes are still used.
Defender Focus
- Use phishing-resistant MFA (passkeys, security keys)
- Lock down helpdesk reset processes
- Limit who can enroll devices
- Monitor impossible travel logins
References
- TechRadar SSO phishing coverage: https://www.techradar.com
- APWG phishing trends: https://docs.apwg.org
Send a Message
An email will be sent to the owner