Vishing campaign abuses Entra passkey enrollment
🔔 A threat actor is using voice-based fake security calls to trick Microsoft 365 users into enrolling a malicious Entra passkey. The attacker directs victims to realistic phishing pages that mimic the Microsoft enrollment flow and uses an operator-controlled PHP kit to capture credentials and MFA responses in real time. Okta attributes the campaign to O-UNC-066, linked to the extortion group Pink, which targets multiple industries and quickly exfiltrates data after account takeover.
