We’ve seen a rise in phishing campaigns that use tools like “Axios” or similar to trick users into giving away their Microsoft 365 credentials. These are called Adversary-in-the-Middle (AiTM) attacks — attackers create fake Microsoft login pages that look real but secretly capture your username, password, and even your MFA codes.
This is especially a risk for those of us who:
Travel often and sign in from hotels, airports, or coffee shops
Handle a large number of customer emails and shared document links daily
Here’s how to protect yourself:
Hover your mouse over any link in an email before clicking.
Official Microsoft 365 logins should only ever start with:
If the link looks strange, has extra words, or doesn’t match Microsoft’s domains — don’t click it.
Attackers often send fake “Someone shared a document with you” messages.
Instead of clicking the email link, go directly to:
OneDrive / SharePoint / Teams via your normal apps or Office.com.
If the document is real, you’ll find it there.
Never enter your Microsoft 365 password into a site reached from an unusual or unexpected email.
If you’re unsure, stop and contact IT before entering anything.
Do not reuse passwords from other websites.
If you get an MFA prompt unexpectedly (you’re not actively signing in) — do not approve it.
Report it to IT immediately. This could mean someone is trying to use your stolen credentials.
Avoid logging in from public WiFi (airports, hotels, cafes) without a VPN.
When traveling, let IT know your city/state so unusual login locations don’t trigger false alarms.
Be extra cautious about emails while traveling — attackers know road warriors are more distracted.
Unexpected password resets or MFA prompts
Emails sent from your account that you didn’t write
New rules in Outlook (e.g., forwarding all mail to another address)
Microsoft login page that “flickers” or reloads multiple times before logging you in (a sign of AiTM proxying your session)
If you notice any of these, contact IT immediately.
If you think you accidentally entered your credentials into a bad link:
Call IT right away.
Change your Microsoft 365 password immediately.
We’ll help review your mailbox for suspicious activity and secure your MFA.
✅ Bottom Line: Slow down before you click. If in doubt, don’t log in — ask IT. Protecting your credentials protects not only you, but also our customers and company data.