ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Entra passkey enrollment vishing targets Microsoft 365 users

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 1 week ago

Intelligence Summary

A threat actor is using voice-based vishing to trick Microsoft 365 users into enrolling a new Entra passkey. The calls pose as fake security requests and direct victims to complete passkey setup. This can enable account takeover if attackers capture the enrollment flow or redirect authentication. Organizations using Entra ID and Microsoft 365 are at risk, especially users who follow instructions during unexpected calls. Users should verify passkey enrollment prompts via official channels and train helpdesk-resistant verification for account recovery actions.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#social-engineering #microsoft-365 #mfa-bypass #entra #passkey #vishing
Original reporting BleepingComputer Entra passkey enrollment vishing targets Microsoft 365 users
Open original source