Phishing attack targets Microsoft authentication system affecting over 150 organizations

A new phishing campaign has targeted over 150 organizations by spoofing Microsoft's authentication system. Cybercriminals impersonate the company's IT team, tricking users into re-authenticating through a fake login page that resembles their organization's real site. The phishing emails claim system upgrades and include a link to a fraudulent page that captures login credentials and multi-factor authentication codes. Attackers then use this information to access sensitive data and manipulate accounts. This campaign primarily affects organizations in education, healthcare, and the public sector. Unlike previous attacks, this one appears to be financially motivated rather than focused on espionage.