Okta has issued an urgent warning about a surge in voice phishing—or vishing—attacks targeting Microsoft 365 customers, where attackers impersonate trusted IT support to steal login credentials and bypass multi-factor authentication.
The attacks involve phone calls where threat actors pose as help desk or security personnel, directing victims to phishing websites that closely mirror Microsoft Entra ID login pages. Once victims enter their credentials, attackers capture them in real time and immediately use them to access corporate accounts and data.
These social engineering campaigns are increasingly sophisticated, leveraging caller ID spoofing to make the calls appear to originate from legitimate organizational numbers. The attackers often reference recent security incidents or account issues to create urgency and pressure victims into complying without verification.
Okta recommends organizations educate users about vishing techniques, implement strict call-back verification procedures, and deploy phishing-resistant authentication methods such as FIDO2 security keys or passkeys. The company also advises using conditional access policies that require device compliance checks and location-based verification before granting access to sensitive resources.
The warning follows a broader industry trend of attackers shifting from email-based phishing to voice channels, as traditional email security filters have become more effective at blocking malicious links and attachments. Microsoft 365 administrators are urged to review sign-in logs for anomalous authentication patterns and enable additional verification prompts for high-risk sessions.
