Webinar to address MFA bypass techniques in phishing attacks

Multi-factor authentication (MFA) has long been considered a cornerstone of account security, but attackers are increasingly circumventing it through techniques that exploit authentication workflows rather than stealing credentials. A forthcoming webinar hosted by BleepingComputer will examine these evolving threats and propose detection strategies using behavioral AI to reduce response times for security teams.

The session, titled Stop chasing alerts: Automating email security with behavioral AI, is scheduled for July 8, 2026. It will feature Dan Nickolaisen, Solutions Architect Manager at Abnormal AI, and Eric Danneker, Director of Cyber Vigilance and Defense at Novant Health. The discussion will focus on how modern phishing campaigns, business email compromise (BEC), and account takeover (ATO) attacks leverage trusted services to gain persistent access to corporate accounts without triggering conventional security alerts.

How attackers bypass MFA

One of the most concerning techniques highlighted in the webinar is Device Code phishing. Unlike traditional phishing, which relies on stealing passwords, this method tricks users into authorizing access through legitimate Microsoft authentication pages. Because the user completes a real login and MFA challenge, the attacker gains persistent access without ever obtaining the user’s credentials. This approach effectively neutralizes MFA as a defense, as the authentication process itself is weaponized.

Other tactics discussed will include the abuse of access tokens, which allow attackers to maintain ongoing access to email, cloud applications, and corporate resources. These tokens often evade detection by traditional security controls, such as credential monitoring or email defenses, because they do not rely on stolen passwords or brute-force attacks. Instead, attackers exploit legitimate authorization processes, making it difficult for security teams to distinguish malicious activity from normal user behavior.

Operational challenges for security teams

The shift toward these stealthier attack methods presents significant challenges for security operations centers (SOCs) and incident response teams. Traditional defenses, such as email filtering and MFA, are often ineffective against attacks that abuse trusted authentication workflows. As a result, security analysts frequently detect suspicious activity only after an account has already been compromised, increasing the risk of data breaches or lateral movement within a network.

The webinar will address these operational hurdles, including the high volume of alerts that SOC teams must triage and the difficulty of identifying subtle indicators of compromise. Behavioral AI, as proposed by Abnormal AI, aims to address these gaps by analyzing unusual account activity, suspicious communications, and attack patterns that conventional security tools may overlook. By automating detection and response, organizations can reduce investigation workloads and limit the impact of account takeovers.

Practical takeaways for defenders

Attendees will learn actionable strategies for improving detection and response capabilities. Key topics include:

• Identifying Device Code phishing and similar attacks that bypass traditional protections.
• Recognizing patterns in modern phishing, BEC, and ATO attacks that evade conventional email security controls.
• Using behavioral AI to automate investigations and reduce response times.
• Implementing proactive measures to limit the risks associated with compromised accounts.

The session will also explore how organizations can adapt their security posture to address the growing threat of authentication-based attacks. With attackers increasingly targeting identity and trust mechanisms, defenders must evolve their strategies to detect and mitigate these threats before they escalate into larger security incidents.