Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows

A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that relies on reverse-proxy tactics to bypass multifactor authentication (MFA).

“Contrary to what one might anticipate, there has been an increase in account takeovers among tenants that have MFA protection,” researchers from security firm Proofpoint said in a report. “Based on our data, at least 35% of all compromised users during the past year had MFA enabled.”
