Listen to the episode
TLDR
A wave of voice phishing (vishing) calls is targeting Microsoft 365 users across multiple sectors. The caller pretends to be internal IT or a security analyst and pressures the victim into enrolling a new Entra (Azure AD) passkey — usually...
How it works
A wave of voice phishing (vishing) calls is targeting Microsoft 365 users across multiple sectors. The caller pretends to be internal IT or a security analyst and pressures the victim into enrolling a new Entra (Azure AD) passkey — usually...
Red flags
- Unsolicited phone call asking you to register a passkey, scan a QR code, or approve a new sign in method. High pressure urgency tactics ("your account is compromised", "act now or you will be locked out"). Real IT teams never enroll credentials, passkeys or MFA factors on the user's behalf over an inbound call
What to do
- 1Hang up and call your IT helpdesk back on a number from the official company directory. Never approve passkey, MFA or authenticator prompts that you did not initiate yourself. Report the attempt to your security team and review Entra sign in logs for unfamiliar passkey registrations
Source
bleepingcomputer
Source reviewed by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/FAQ
Is Microsoft 365 Entra Passkey Enrollment Vishing Scam Targets Office Users a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Unsolicited phone call asking you to register a passkey, scan a QR code, or approve a new sign in method. High pressure urgency tactics ("your account is compromised", "act now or you will be locked out"). Real IT teams never enroll credentials, passkeys or MFA factors on the user's behalf over an inbound call
What should I do first?
Hang up and call your IT helpdesk back on a number from the official company directory. Never approve passkey, MFA or authenticator prompts that you did not initiate yourself. Report the attempt to your security team and review Entra sign in logs for unfamiliar passkey registrations
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.