When Microsoft’s Login Page Becomes the Phish

What you need to know (and what we do about it)

Traditional phishing gets caught because the domain looks wrong. The certificate is odd, or email scanners flag the URL. These new tricks sidestep a lot of those controls by working through Microsoft’s own endpoints or by using legitimate tenant branding and redirects.

The result: email gateways and users who check the URL can be fooled more easily, and the phishing page can behave like a normal login flow — even asking for additional “info” (custom attributes) or re-prompting for MFA — and still be on a Microsoft domain. That’s why defenders and detection engineers are now treating OAuth and Entra sign-in telemetry as first-class hunting signals. (Elastic)

What attackers can actually do (short version)

Trick users into signing into a malicious tenant or redirect chain that still uses login.microsoftonline.com.

Capture passwords, session cookies, or OAuth tokens and then exchange them for access.

Use custom branding or fonts to visually spoof email addresses or buttons, making the experience look legitimate.

Abuse self-service signup flows and custom attributes to capture credentials without redirecting off Microsoft pages.

Even intercept on-prem password validation (PTA) flows to grab clear-text passwords and OTPs in some cases. (YouTube)

So — how worried should you be?

If you’re using Microsoft 365/Entra with standard settings, there’s risk, especially for high-value targets (execs, finance, IT) and users who receive external links often. The bad news: these attacks are stealthier than classic phishing. The good news: they leave telemetry. If you know where to look (OAuth grants, weird client IDs, suspicious device registration activity, token exchanges), you can detect and respond. Security hygiene still matters and it still helps — it’s just a little more technical now. (Elastic)

Concrete, practical steps we recommend (we’ll do these for you)

Enforce phishing-resistant MFA (FIDO2 / Windows Hello / certificate-based)
Move high-risk and admin accounts away from SMS/OTP and toward hardware or platform-bound MFA. Attackers capturing an OTP or password may still be stopped by phishing-resistant methods.

Tighten Conditional Access & block risky flows

  • Deny legacy and less secure auth flows unless explicitly required.
  • Require device compliance and limit token lifetimes where practical.
  • Block sign-ins that request unusual OAuth scopes or originate from unknown client IDs.
    These controls increase attacker effort and create signal for detection. (Elastic)

Restrict app registrations, consent, and guest signup

  • Limit who can register applications and consent to permissions.
  • Disable or tightly control self-service app signup and external user self-service where not needed.
  • Implement admin-approved app consent policies to stop rogue apps from getting persistent access.

Lock down custom branding & review tenant configuration
Custom branding can be abused to spoof UI elements or fonts. Audit branding changes, remove unnecessary tenant templates, and treat brand files like code — only trusted admins can change them. (YouTube)

Hunt for OAuth/Entra anomalies
We’ll set up detection rules to look for: unexplained token exchanges, refresh token usage by unusual client IDs, device registration spikes, concurrent sign-ins from geographically disparate IPs, and authorization flows that finish but then promptly register devices. These are high-value signals that Elastic, Volexity and others flag as red flags. (Elastic)
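Three of these signals (an unusual client ID, sign-ins from different countries close together, and a device registration right after a sign-in) can be expressed as simple correlation logic. The following is an added sketch, not InfiNet's or Elastic's detection rules; the event schema, field names, client IDs and sample events are constructed for illustration and would need mapping onto your real Entra sign-in and audit log fields.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, normalized schema (field names are
# assumptions, not the Entra log schema). Client IDs are placeholders.
EVENTS = [
    {"time": "2025-01-10T09:00:00", "user": "cfo@example.com", "type": "signin",
     "client_id": "app-known-mail", "country": "US"},
    {"time": "2025-01-10T09:04:00", "user": "cfo@example.com", "type": "signin",
     "client_id": "app-unknown-1", "country": "NL"},
    {"time": "2025-01-10T09:06:00", "user": "cfo@example.com",
     "type": "device_registered", "client_id": "app-unknown-1", "country": "NL"},
    {"time": "2025-01-10T10:00:00", "user": "dev@example.com", "type": "signin",
     "client_id": "app-known-mail", "country": "US"},
]
KNOWN_CLIENTS = {"app-known-mail"}  # allow-list maintained by the tenant admins


def hunt(events, known_clients, window=timedelta(minutes=10)):
    """Return sorted (user, finding) pairs for three of the signals above."""
    findings = set()
    recent = {}  # user -> [(time, country)] of sign-ins still inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        # Drop sign-ins that have aged out of the correlation window.
        history = [(ts, c) for ts, c in recent.get(user, []) if t - ts <= window]
        if ev["type"] == "signin":
            if ev["client_id"] not in known_clients:
                findings.add((user, "unknown_client_id"))
            if any(c != ev["country"] for _, c in history):
                findings.add((user, "signins_from_multiple_countries"))
            history.append((t, ev["country"]))
        elif ev["type"] == "device_registered" and history:
            findings.add((user, "device_registered_right_after_signin"))
        recent[user] = history
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in hunt(EVENTS, KNOWN_CLIENTS):
        print(f"{user}: {finding}")
```

Country comparison is a coarse stand-in for "geographically disparate IPs"; a production rule would use IP geolocation and travel-time logic and would exclude known VPN egress points.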

Monitor PTA & on-prem auth paths
If a tenant uses Pass-Through Authentication (PTA) or has on-prem agents, monitor and limit who can install agents. Treat PTA endpoints like critical servers and protect them accordingly — they can leak plaintext passwords if compromised. (YouTube)

Tighter app-and-redirect hygiene
Only allow trusted redirect URIs, remove old app registrations, and require admin approval for apps that request high-impact scopes (Mail.Read, Files.Read.All, Directory.Read.All). Think of app registrations like service accounts: audit them monthly.

User education — but realistic
Train users to expect unusual MFA prompts and to verify consent dialogs, but don’t rely on humans alone. Teach execs to verify unexpected “re-sign in” requests with a quick call. We also recommend regular, realistic phishing simulations that include OAuth-style flows so users and controls are tested together.

Incident plan: tokens ≠ passwords
If we detect compromise, assume tokens are abused. Revoke refresh tokens, remove app consents, force device re-enrollment, and rotate credentials. This is faster and more effective than password resets alone in many token-based attacks.

What’s next?

This class of attacks shows attackers leveling up: they’re weaponizing trust — not just tricking users into typing passwords, but using Microsoft’s trust signals against us. That means prevention and detection must work together: harden the platform and hunt the telemetry. The good news: these techniques leave footprints if you know what to look for. We do. You don’t have to learn every obscure attack; you just need an MSP who does.


MFA Isn’t the Finish Line—It’s the Starting Line

But here’s the thing: attackers have gotten smarter. MFA is essential, but it’s no longer the end of the road. If you already have MFA in place, you’re ahead of the pack. Now it’s time to take the next steps to keep your business truly secure.

Use Stronger MFA

Not all MFA is equal. Text messages and phone calls are easy to trick.

  • Use authenticator apps or security keys that can’t be copied by cybercriminals.
  • For executives and anyone who handles money, we raise the bar with stronger protections.

Guard the Front Door

MFA is like locking your front door. But we can go further:

  • Allow logins only from safe places and trusted devices.
  • Block suspicious locations. If your business is in Omaha, you don’t need someone logging in from overseas.
  • Shorter sessions for critical apps. The higher the risk, the more often we require a quick re-check.

Watch for Cookie Thieves

Hackers don’t just steal passwords anymore—they steal the little “cookies” that keep you logged in.

  • We turn on protections that make those cookies useless to anyone else.
  • We disable old-fashioned logins that criminals love to exploit.
  • We watch for odd behavior, like one account logging in from two different countries at the same time.

Close the Side Doors

Sometimes hackers don’t break in—they sneak in.

  • We control which apps can connect to your Microsoft account so employees don’t accidentally click “Allow” on something risky.
  • We limit outside sharing and guest sign-ups unless your business truly needs them.
  • We keep an eye on sign-in pages—because even those can be abused.

Keep People Sharp

Even the best locks won’t help if someone opens the door.

  • We run regular phishing tests so employees learn what a scam email looks like.
  • Instead of boring annual training, we give short, easy refreshers throughout the year.

Protect the VIPs

Hackers love to target leaders and finance teams.

  • We limit admin access, so no one has “always-on” master keys.
  • We set up hardened devices for sensitive work.
  • We use advanced monitoring tools to spot attacks in real time.

The Bottom Line

MFA is good. Layered security is better.

With attackers constantly evolving, your business can’t afford to stop at “we turned on MFA.” Strengthening access, closing loopholes, and keeping people aware are what truly keep you safe.

That’s how we help you move from “we checked the box” to “we actually sleep at night.”


    Lack of In-House IT: Why Architects Aren’t Meant to Be IT Pros


    In many small-to-mid-size architecture firms, there’s no dedicated IT department.

    Instead, the office manager, a partner, or the “tech-savvy” designer becomes the go-to for every slow computer, printer jam, or software crash.

    This “accidental IT admin” role might keep the lights on — but it comes at a cost that’s bigger than most firms realize.


    • More billable hours – Reduced downtime means your team works on client projects, not tech issues.

    • Fewer project delays – Technology stops being the reason a deadline slips.

    • Protected reputation – Clients trust that their data and designs are secure.

    • Peace of mind – Your team can focus on design, knowing the tech just works.


    Where InfiNet Comes In

    • Cybersecurity without disruption – From phishing protection to endpoint defense, we secure your data without slowing your design tools.

    • Performance tuning for design software – We optimize servers, storage, and networks so AutoCAD, Revit, BIM, and rendering tools run smoothly.


    • Proactive maintenance – We detect and resolve issues before they cause downtime.

    • Secure, reliable backups – We implement monitored, tested backup solutions so files are always recoverable.



    Too Much Talent, Not Enough Strategy: Why Enterprise IT Teams Thrive With Co-Managed Support


    Your IT team is smart, skilled, and fluent in your systems, processes, and organizational quirks. But even that Ferrari of internal IT talent needs a co‑pilot when it comes to strategy, bandwidth, and hitting enterprise-level goals.

    That’s where InfiNet’s co‑managed approach comes in — we don’t replace your in-house IT; we amplify it.

    Where Enterprise IT Teams Still Hit Roadblocks

    • According to Logicalis, the majority of CIOs spend between 60% and 80% of their time on day-to-day IT management, leaving almost no bandwidth for strategic transformation. (Gartner, The National CIO Review, Wikipedia)
    • Only 48% of digital initiatives meet or exceed their intended business outcomes, meaning more than half fall short. (EY)
    • 58% of IT professionals cite wasteful IT spending as a significant problem—shadow IT, duplicate tools, and unused licenses are bleeding budgets. (Wikipedia, ibm.com, workday.com)

    Even elite teams get bogged down by urgent tickets, slide on deadlines, and leave ROI on the table.


    Why Co-Managed IT Isn’t a “Bolt-On”—It’s a Force Multiplier


    With InfiNet’s co-managed model, your team stays in control. We slide in to supplement, support, and supercharge:

    Strategic Alignment – Co-develop priorities and roadmaps that actually align with business goals.

    Project Execution Support – Whether it’s a migration or a major rollout, we give your team the extra horsepower to stay on time.

    Tech Stack Optimization – We audit, manage, and rationalize tool use so your budget fuels adoption and business value.

    Proactive Ops & Monitoring – While your team owns high-level strategy, we keep systems humming, secure, and under control.

    How Co-Managed Strategy Magnifies Enterprise IT
    • Faster delivery on high-stakes initiatives without burning out your top performers.
    • Higher success rates by infusing accountability, KPIs, and cross-functional ownership.
    • Cost efficiency by cutting tool waste and aligning spend with strategic outcomes.
    • Creating space for Innovation — we handle the operational grind so your IT talent can focus on advancing the business.

    Signs You’re Ready for a Co-Managed Partner

    • Your team’s excellent—but overloaded with day-to-day fires.
    • Tools are underutilized or licenses are piling up.
    • Digital initiatives fall off-track or flatline in impact.
    • Internal capacity exists, but not enough runway for future-critical work.

    Why InfiNet?
    We’ve been co-piloting enterprise IT teams since 1998. We integrate into your culture, speak your language, and bring the stretch goals within reach—no disruptions, just multiplied impact.

    Your Next Lap

    You’ve built a strong engine. Let’s give it a navigator, strategist, and boost of power.


    InfiNet Solutions — your co-managed IT partner for enterprise-level scale.


    Windows 10 Has an Expiration Date — Are You Ready for What’s Next?

    What Every Business Needs to Know Before October 2025


    The Situation:

    Microsoft is officially ending support for Windows 10 on October 14, 2025.

    No more security updates from Microsoft

    No more bug fixes from Microsoft

    No more technical support from Microsoft

    If your business is still relying on Windows 10 after that date, you’re operating on unsupported software — and that opens the door to risk, disruption, and compliance headaches.

    Why This Matters:

    Your systems need to stay secure and supported

    Your team needs to stay productive and connected

    Your tools need to stay compatible and stable

    Your business needs to keep moving — without surprises


    Waiting too long puts all of that at risk.

    Especially if you’re in a regulated industry like legal, healthcare, or finance.


    What You Should Be Doing Now:

    Auditing devices to identify what can be upgraded vs. what needs replacing

    Testing key applications in Windows 11 environments

    Planning phased rollouts to minimize disruption

    Engaging vendors early to confirm compatibility

    Budgeting strategically to avoid last-minute pressure

    Let’s make sure your upgrade isn’t a scramble.

    We’ll help you build a smart, low-stress plan that fits your timeline, tools, and team.

