Adversary in the Middle Phishing: How to Protect Your Business

Cybercriminals are constantly evolving their tactics, and one of the latest phishing techniques combines two methods to be particularly effective. After an account is compromised, instead of using email to send a phishing message, attackers have begun uploading a file to OneDrive or SharePoint and then using those services to send document-sharing requests. They embed a link in the document that, when clicked, redirects to what looks like a Microsoft login page. Together, these methods let them deliver their phishing email via a compromised account and capture the MFA token. Once they have the MFA token, they can bypass MFA protections and compromise your account.

Illustration of an adversary in the middle phishing attack using a fake login page to steal session tokens.

Understanding Adversary in the Middle Phishing Attacks

  1. Compromised Employee Accounts – An attacker gains access to an employee’s email account, often through previous phishing attempts or credential theft.
  2. Deceptive Internal Distribution – The attacker then uses that account to access file share or collaboration applications and sends document-sharing requests. Since the email originates from a legitimate application, it easily bypasses traditional email security filters.
  3. Fake Login Pages & Session Hijacking – The email contains a legitimate-looking link to a shared document, which leads to a fake Microsoft login page. This page may even accept MFA pushes or number matching, creating a false sense of security. However, it does not actually log in to anything.
  4. Error Message & Account Compromise – Once credentials are entered, the attacker intercepts the session token using a reverse proxy. By the time the user sees a login error message, their account has already been compromised.

Key Warning Signs of This Attack

  • A user reports that they are logging in but receiving a login error message.
  • Unexpected shared-document notifications.
  • PDF attachments containing clickable images that direct users to external login pages.

Why Traditional Email Security Measures Fail

Most email security systems are designed to detect external threats, suspicious attachments, or known phishing indicators. However, since these phishing emails originate from a collaboration or file share service, security filters won’t flag them as malicious. That makes this attack extremely effective and difficult to detect with email scanning technology.

Best Practices for Protecting Your Organization

  1. Enhance Cybersecurity Awareness Training – Educating employees on the latest phishing tactics is the best defense. Teach staff to be cautious of unexpected shared document emails, even from known colleagues.
  2. Implement Multi-Factor Authentication (MFA) – Require MFA for all employees to prevent unauthorized access to accounts, even if credentials are compromised.
  3. Check with the sender – Implement security policies that require verification before accessing shared files, ensuring employees double-check with senders before opening unexpected links.
  4. Monitor & Analyze Account Activity – Set up alerts for unusual login locations, rapid file sharing, or mass emails being sent from an account.
  5. Foster a Security-First Workplace Culture – Employees should feel comfortable reporting suspicious emails without fear of repercussions. The quicker an attack is identified, the less damage it can cause.
  6. Device Authentication – Mobile Device Management (MDM) and Zero-Trust Network Access (ZTNA) require device authentication to access services, effectively adding another factor to multi-factor authentication (MFA). With device authentication, the device itself serves as a verification factor, ensuring the user’s identity.
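
The alerting described in step 4 can be sketched as follows. This is an added example, not part of the original article or any vendor's tooling: it flags a sign-in from a country outside an account's baseline and a burst of document shares to many distinct recipients. The event layout, thresholds, account names and the "XX" country code are all assumptions made up for illustration; map them to whatever your audit log export provides.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_RECIPIENTS = 5               # assumed limit on distinct recipients per window

# Constructed sample events in a simplified layout (not a real export format):
# (time, account, kind, value) where value is a country or a share recipient.
EVENTS = [
    ("2025-03-04T09:00:00", "alice@example.com", "signin", "US"),
    ("2025-03-04T09:05:00", "alice@example.com", "share", "bob@example.com"),
    ("2025-03-04T13:00:00", "carol@example.com", "signin", "US"),
    ("2025-03-05T02:10:00", "carol@example.com", "signin", "XX"),
    *[(f"2025-03-05T02:1{i + 1}:00", "carol@example.com", "share", f"user{i}@example.com") for i in range(8)],
]
BASELINE = {"alice@example.com": {"US"}, "carol@example.com": {"US"}}  # assumed known countries

def detect(events, baseline):
    """Return (account, alert_type, detail) for new-country sign-ins and sharing bursts."""
    alerts = []
    recent = defaultdict(deque)   # account -> (time, recipient) pairs still inside WINDOW
    alerted = set()               # accounts already flagged for a burst, to avoid repeats
    for ts, user, kind, value in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "signin":
            if value not in baseline.get(user, set()):
                alerts.append((user, "new_signin_country", value))
        elif kind == "share":
            q = recent[user]
            q.append((when, value))
            while q and when - q[0][0] > WINDOW:   # drop shares older than the window
                q.popleft()
            distinct = {recipient for _, recipient in q}
            if len(distinct) > MAX_RECIPIENTS and user not in alerted:
                alerted.add(user)
                alerts.append((user, "sharing_burst", len(distinct)))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```

An account that raises both alerts close together matches the pattern described above: a takeover followed by internal distribution of sharing requests.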

Strengthen Your Cybersecurity with Louisville Geek

Adversary in the middle phishing attacks are becoming more sophisticated. Organizations must stay proactive by prioritizing cybersecurity awareness training and implementing strong security measures to prevent these threats from spreading.

If you want to learn how to protect your organization from this type of attack, contact Louisville Geek. Our IT security solutions go beyond just training—we can evaluate your entire cybersecurity ecosystem, identify vulnerabilities, and implement strategies to safeguard your business against emerging threats. Our experts can help strengthen your cybersecurity defenses and provide the necessary training to keep your business safe.
