sso mfa

SSO MFA (single sign-on with multi-factor authentication) is a common enterprise security configuration, but it is increasingly targeted by sophisticated social engineering attacks. Recent threat intelligence from Mandiant highlights coordinated vishing campaigns, including those linked to the ShinyHunters group, that use real-time voice calls and convincing credential-harvesting pages to compromise SSO-protected SaaS accounts. Attackers aim to enroll their own MFA devices, bypassing the intended security of SSO MFA to steal sensitive cloud data for extortion. These attacks underscore that SSO MFA alone is not sufficient against advanced voice phishing, and organizations must adopt additional defenses such as phishing-resistant MFA and user awareness training.