Okta Warns of Vishing Campaign Hijacking Microsoft 365 Passkey Enrollment
Okta has warned of an ongoing vishing campaign in which threat actors impersonate corporate IT staff to trick employees into enrolling attacker-controlled passkeys for Microsoft 365 accounts. Tracked as O-UNC-066, the campaign combines phone-based social engineering with phishing pages that mimic Microsoft’s passkey enrollment process, enabling attackers to take over user accounts and steal data for extortion. The attacks have targeted organizations across multiple industries, including healthcare, technology, aviation, automotive, construction, and food and beverage. Okta recommends treating unsolicited passkey enrollment requests as suspicious, auditing registered passkeys on privileged accounts, and strengthening user awareness and monitoring for unusual authentication changes.
Reference: scworld.com