www.securityweek.com 7/10/2026, 11:31:56 AM · external

Vishing Attack Hits Microsoft 365 Users via Fake Passkey Logins

Vishing Attack Hits Microsoft 365 Users via Fake Passkey Logins
CyberSIXT Evidence Panel
Primary Source okta.com

A new vishing campaign targeting Microsoft 365 users has been identified, described by Okta as employing voice calls that lead victims to counterfeit login pages prompting passkey registration. The campaign, tracked as O-UNC-066, has chiefly impacted sectors including automotive and healthcare, with attackers registering domains containing 'passkey' to mislead users.

The fraudulent pages mimic Microsoft branding closely, tricking users into allowing attackers to register their own passkeys while seemingly enrolling legitimate ones. The threat actors adapt their tactics in real time based on the victim's MFA requirements, utilizing anti-analysis techniques and custom phishing pages throughout the attack stages. Okta warns that attackers may use BIP-39 seed phrases as distractions while successfully enrolling malicious passkeys in compromised accounts.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline