How are hackers able to bypass MFA requirements

R Buck 0 Reputation points
2026-02-20T18:33:15.6433333+00:00

We've had a few instances, just in the last few days, where someone put their credentials in after following a link, giving them access to the M365 account. How are hackers able to add MFA options?

Going through Entra's sign-in log for two users, the users have signed in locally one minute and China, Virginia, Arizona, (etc.,) the next.

How do we resolve this? This is happening more and more and it's getting frustrating.

I do understand that this is a user issue, but no amount of training resolves users being in auto-pilot while working.

Microsoft Security | Microsoft Authenticator

1 answer

  1. Nathan Roberts (SN) 10,751 Reputation points Volunteer Moderator
    2026-02-20T18:45:26.2566667+00:00

    Hey there, R Buck

    We've had a few instances, just in the last few days, where someone put their credentials in after following a link, giving them access to the M365 account. How are hackers able to add MFA options?

    What they do is create systems that look like Microsoft sites and systems, but in actual fact, they are not.

    So a user visits a site and thinks 'Oh, a Microsoft site, I will sign in with my credentials'. Their system then takes your login information, generally a bot, and will enter your username and send an MFA request.

    The user thinks they are verifying their login on a genuine system, when actually it is a bot or hacker that is signing into their account back end. Once they have done this, they will change the user's security settings, thus locking them out.

    A common method they use is Minecraft and Discord. They lure people into their Discord server and ask them to authenticate using their Microsoft account. The user authenticates, thinking they are entering an official Microsoft Discord server from Minecraft & Xbox. They don't realise that the system then logs into their account, changing their entire login information, locking them out of their Microsoft account.

    How do we resolve this? This is happening more and more and it's getting frustrating. I do understand that this is a user issue, but no amount of training resolves users being in auto-pilot while working.

    Unfortunately, it is a user issue and is frustrating. However, users need to be educated that they should not use unofficial sites.

    I often tell people that if they get a 'request from Microsoft to verify their terms of service', to just ignore the email and visit the Microsoft terms of service manually by using a web browser.

    I would also make sure users are aware of scams and phishing attempts and how to spot them. At work, we use a service that provides training on phishing scams.

    Hope this helps,
    Nathan
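
Added example, not part of the original question or answer: the sign-in pattern described in the question (a local sign-in one minute, another continent the next) can be flagged mechanically. This Python example assumes sign-in records exported with the field names of the Microsoft Graph signIn resource; the sample records, the 900 km/h threshold and the 50 km floor are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900   # assumed threshold: about airliner cruising speed
MIN_KM = 50     # assumed floor to ignore geo-IP jitter within one metro area

def _rec(upn, ts, ip, city, lat, lon):
    """Build a record with the Graph signIn field names this check reads."""
    return {"userPrincipalName": upn, "createdDateTime": ts, "ipAddress": ip,
            "location": {"city": city,
                         "geoCoordinates": {"latitude": lat, "longitude": lon}}}

# Constructed sample data (documentation IP ranges, made-up users).
SIGNINS = [
    _rec("b.user@contoso.example", "2026-02-18T09:00:00Z", "203.0.113.10", "Columbus", 39.96, -83.00),
    _rec("b.user@contoso.example", "2026-02-18T09:30:00Z", "203.0.113.44", "Columbus", 39.96, -83.00),
    _rec("b.user@contoso.example", "2026-02-19T16:30:00Z", "203.0.113.90", "Chicago", 41.88, -87.63),
    _rec("a.user@contoso.example", "2026-02-18T14:02:10Z", "198.51.100.7", "Columbus", 39.96, -83.00),
    _rec("a.user@contoso.example", "2026-02-18T14:03:05Z", "192.0.2.61", "Beijing", 39.90, 116.40),
    _rec("a.user@contoso.example", "2026-02-18T14:05:40Z", "192.0.2.200", "Ashburn", 39.04, -77.49),
]

def _ts(rec):
    return datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))

def _km(a, b):
    """Great-circle (haversine) distance between two geoCoordinates dicts."""
    lat1, lon1, lat2, lon2 = map(radians, (a["latitude"], a["longitude"],
                                           b["latitude"], b["longitude"]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, from_city, to_city, km, kmh) for consecutive sign-ins by
    one user whose implied travel speed exceeds max_kmh."""
    by_user = {}
    for rec in sorted(signins, key=_ts):
        if rec.get("location", {}).get("geoCoordinates"):  # skip records with no geo data
            by_user.setdefault(rec["userPrincipalName"], []).append(rec)
    hits = []
    for user, recs in by_user.items():
        for prev, cur in zip(recs, recs[1:]):
            km = _km(prev["location"]["geoCoordinates"], cur["location"]["geoCoordinates"])
            hours = max((_ts(cur) - _ts(prev)).total_seconds(), 1) / 3600
            if km >= min_km and km / hours > max_kmh:
                hits.append((user, prev["location"]["city"], cur["location"]["city"],
                             round(km), round(km / hours)))
    return hits

if __name__ == "__main__":
    for hit in impossible_travel(SIGNINS):
        print("%s: %s -> %s, %d km at %d km/h" % hit)
```

A hit is a prompt to review that account's sessions and recently added MFA methods, since the question describes attackers adding their own. VPN and mobile-carrier egress points produce false positives, so treat the output as a triage list.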
