The attack dominating financial services doesn’t steal passwords. It resets MFA and steals the token.
via crowdstrike.com
The attacker who hit the most financial services organizations over the past 12 months never phished a password. They called an IT support line, convinced an employee to reset their MFA, and registered their own device on the network. CrowdStrike’s 2026 Financial Services Threat Landscape Report, released this month and covering activity from April 2025 […]