RMON Networks Security Advisory

URGENT ALERT: New Voice Phishing (“Vishing”) Campaign Targeting Microsoft 365 Users July 2026 | Client Security Advisory What You Need to Know Cybercriminals are actively targeting organizations with a sophisticated voice phishing (“vishing”) campaign designed to compromise Microsoft 365 accounts. Attackers are calling employees directly, posing as IT support or security personnel, and convincing users… The post RMON Networks Security Advisory appeared first on RMON Networks.

URGENT ALERT: New Voice Phishing (“Vishing”) Campaign Targeting Microsoft 365 Users

July 2026 | Client Security Advisory


What You Need to Know

Cybercriminals are actively targeting organizations with a sophisticated voice phishing (“vishing”) campaign designed to compromise Microsoft 365 accounts. Attackers are calling employees directly, posing as IT support or security personnel, and convincing users to enroll what appears to be a legitimate Microsoft Entra passkey. In reality, they are registering an attacker-controlled credential that provides unauthorized access to the victim’s account. [securityweek.com], [bleepingcomputer.com], [thehackernews.com]

Organizations across multiple industries, including healthcare, technology, construction, aviation, automotive, and manufacturing, have been impacted. [securityweek.com], [bleepingcomputer.com]


How the Attack Works

Step 1: The Phone Call

An employee receives a call from someone claiming to be:

  • Internal IT Support
  • Microsoft Support
  • Security Operations
  • Help Desk Personnel

The caller states that a security update requires the employee to register a new passkey immediately. [securityweek.com], [bleepingcomputer.com]

Step 2: The Fake Website

The employee is directed to a convincing website that:

Step 3: Account Compromise

While the employee believes they are improving account security, the attacker:

Step 4: Data Theft

Attackers commonly target:

  • Email
  • SharePoint
  • OneDrive
  • Teams files
  • Sensitive business documents

Several incidents have led to data theft and extortion attempts. [windowsreport.com], [cyberpress.org]


Warning Signs Your Team Should Know

🚩 Unexpected calls requesting password resets

🚩 Requests to approve MFA prompts you did not initiate

🚩 Instructions to register a new passkey over the phone

🚩 Urgent security requests requiring immediate action

🚩 Login pages reached from links provided during a phone call

🚩 Callers claiming “your account will be disabled” unless action is taken immediately


What Employees Should Do

STOP

Pause before taking any action on account-related requests received by phone.

VERIFY

Contact your IT provider or help desk using a trusted phone number you already have.

NEVER

  • Share MFA codes
  • Approve unexpected authentication prompts
  • Register new authentication methods at a caller’s request
  • Enter credentials on websites provided during unsolicited calls

Recommended Security Controls

Organizations should:

✅ Enable phishing-resistant authentication methods

✅ Monitor for newly registered MFA methods and passkeys

✅ Review Microsoft 365 sign-in activity regularly

✅ Monitor SharePoint and OneDrive for unusual download activity

✅ Conduct periodic security awareness training focused on social engineering and vishing attacks

✅ Require verification procedures for all account recovery and authentication changes

[cyberpress.org], [stateofsur…llance.org], [okta.com]


If You Suspect a Compromise

Immediately contact your IT support team if:

  • You approved an unexpected MFA request
  • You entered credentials after receiving a security-related phone call
  • You registered a passkey or authentication method at someone’s direction
  • You notice unusual account activity

Early detection can significantly reduce the impact of an account compromise.


Need Assistance?

RMON Networks Security Team

If you have questions about this threat, Microsoft 365 security, multifactor authentication, or incident response, contact RMON Networks immediately for assistance.

RMON Networks
Protecting Your Business Through Secure, Modern IT

The post RMON Networks Security Advisory appeared first on RMON Networks.

Share

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0