A dangerous phishing-as-a-service platform called VoidProxy is enabling attackers to bypass traditional protections—even MFA.
Attackers send messages from high-reputation domains, often embedding a link inside a PDF that appears to come from a trusted source like DocuSign. Once opened, users are redirected to a real Microsoft login page. The credentials and MFA code you enter generate a token, which is silently captured and reused by attackers to access compatible applications.
Prevention Strategies:
- User Awareness: Train staff to recognize unusual login requests (for example, a PDF that launches a Microsoft login screen).
- Token Binding & Device Compliance: Use Microsoft Conditional Access Token Binding and require managed, compliant devices via Intune to make stolen tokens useless.
Phishing-as-a-service is lowering barriers for would-be attackers since they can now subscribe to purpose-built attack platforms that put your organization at risk. More than ever, it’s important to combine user vigilance with modern authentication protections to defend against these evolving attack techniques.