The CSSF has been made aware of ongoing phishing campaigns targeting organisations using Microsoft 365, specifically Office 365 tenants where multi-factor authentication (MFA) is not enforced. CIRCL, the Computer Incident Center Luxembourg, has published a report on this subject, including recommendations, available at this URL: https://www.circl.lu/pub/tr-94/. The CSSF strongly recommends that all supervised entities concerned take due note of this report and take action as appropriate.
Ongoing phishing campaigns target organizations using Microsoft 365, specifically Office 365 where multi-factor authentication (MFA) is not enforced. The attacks use sophisticated social engineering tactics and convincing phishing pages to harvest user credentials.
