Over the past couple of months, a sophisticated phishing campaign, dubbed “Adversary in the Middle,” has been targeting Office 365 users worldwide. This campaign bypasses Multi-Factor Authentication (MFA) and imitates Office 365, leaving users highly vulnerable to attacks.

The attackers use impersonation techniques and social engineering to deceive victims into revealing their login credentials. They set up fake login pages strikingly similar to Office 365’s official sign-in page. Once the victims enter their login information, the attackers can gain unauthorized access to their accounts, bypassing MFA protection.

Here is how the attack works:

  • The attackers compromise legitimate websites and create fake Office 365 login pages.
  • They send phishing emails to potential victims, impersonating trusted sources, and lure them to click on the malicious links.
  • When victims enter their credentials, the attackers capture the information and gain unauthorized access to their accounts.

To protect yourself from this type of attack, follow these security measures:

  • Examine links before clicking: Hover over links in emails to see the URL before clicking. Ensure the link directs you to a legitimate website, not a spoofed one. You can also use Incognito’s website checker to quickly determine if a website is safe, providing an extra layer of security when verifying the legitimacy of a site.
  • Be cautious of unexpected emails: Always be sceptical of unsolicited emails, even if they appear to come from a trusted source. Verify the sender’s identity before clicking any links or providing personal information.
  • Enable security features: Ensure you enable MFA for all your accounts. While it might not be foolproof, it adds an extra layer of protection.
  • Keep your software updated: Regularly update your devices, applications, and antivirus software to protect against the latest threats.
  • Educate yourself and others: Stay informed about phishing techniques and share this knowledge with your friends, family, and colleagues.
  • Use a password manager: A password manager can help you create strong, unique passwords for all your accounts and reduce the risk of falling victim to phishing attacks.

Remember to stay vigilant and proactive in defending yourself against phishing campaigns. Taking these precautions can significantly reduce your risk of falling victim to “Adversary in the Middle” attacks and other similar threats.

