Organizations that are not using Microsoft’s multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled device.
originally published onhttps://blog.knowbe4.com/scammers-use-a-mix-of-stolen-credentials-inbox-rules-and-a-rogue-outlook-client-install-to-phish-internal-and-external-victims
