A serious cyber threat targeting Microsoft 365 users what you need to know

If your business relies on Microsoft 365 and you’re a small or mid-sized company this one’s for you.

Our Cyber Security Team here at inTEC GROUP has been busy testing a worrying real-world threat in our lab: it’s called Evilginx, and it’s designed to trick even the most cautious users.

What is Evilginx?

Evilginx is a phishing tool used by cybercriminals to steal your login credentials and crucially, your multi-factor authentication (MFA) tokens. Here’s how it works:

  • You’re sent a link that looks legitimate. When you click it, you’re taken to what appears to be a real Microsoft login page except it’s not. It’s embedded in a fake website, designed to capture your details.
  • Once you type in your credentials, the attacker doesn’t just get your password they also get your MFA token. These tokens can be converted into cookies and used to bypass your MFA altogether. In short: full access to your Microsoft 365 account.

We put it to the test

We recreated this attack in our lab to understand how it operates. The screenshot below shows our test server intercepting data, all while displaying what looks like a genuine Office 365 login page.

The scary part? It does look real unless you check the domain name closely. That’s your biggest clue something’s not right. Always double-check the web address before logging in.

How to protect your business

Here are a few practical steps you can take right now to reduce your risk:

  • Restrict access to Microsoft 365 so only trusted, company-managed devices can log in
  • Use tools like our inFORCER to lock down your Microsoft security settings
  • Block malicious websites before they reach your network using inCONTROL DNS filtering
  • Make sure Microsoft Defender is fully set up and properly configured
  • Enable Safe Links and Safe Attachments to catch phishing attempts before they reach your inbox

If you’re not sure whether your current setup is secure or if you just want a second opinion feel free to get in touch. We’re always happy to have a chat about how our cyber security solutions (including the tools above) can help keep your business safe.

Stay vigilant and stay safe,

The inTEC GROUP team