ABT Blog

Read about mortgage technology solutions topics

phishing

13 min read

ConsentFix v3: The OAuth Consent Phishing Toolkit That Bypasses MFA for Financial Institutions

Justin Kirsch: Mon, Jun 01, 2026

In This Article The Attack That Skips MFA How ConsentFix v3 Actually Works Why Financial Institutions Are the Target What Stops This (and What Does...

phishing cybersecurity MFA Compliance Microsoft 365

14 min read

The Exploit: Anatomy of a Modern Cyber Heist Part 2 - The Perfect Phish

Justin Kirsch: Tue, May 12, 2026

In This Article Tycoon2FA: 13 Million Phishing Emails in a Single Month How Adversary-in-the-Middle Attacks Defeat Standard MFA NYDFS Part 500 Is Now...

phishing FFIEC mortgage industry Microsoft 365

Microsoft Defender for Office 365 anti-phishing configuration for credit unions, banks, and mortgage companies

19 min read

Microsoft Defender for Office 365 for Financial Institutions: The Anti-Phishing Configuration Examiners Expect

Justin Kirsch: Thu, May 07, 2026

In This Article The Phishing Reality for Banks, Credit Unions, and Mortgage Companies in 2026 What You Actually Own: Defender for Office 365 Plan 1...

phishing FFIEC mortgage industry Microsoft 365

Phishing-resistant MFA for financial institutions: hardware-backed FIDO2 security keys, passkeys, and Microsoft Entra ID Conditional Access protecting against AiTM, credential theft, and phishing attacks

16 min read

Phishing-Resistant MFA for Financial Institutions: Why FFIEC, NCUA, and OCC Examiners Now Expect FIDO2, Passkeys, and Hardware Keys

Justin Kirsch: Sat, May 02, 2026

In This Article What "Phishing-Resistant" Authentication Actually Means Why SMS, Push, and One-Time Codes No Longer Pass the Bar What FFIEC Examiners...

phishing multi-factor authentication cybersecurity FFIEC microsoft Data Protection MFA Compliance

Microsoft-branded hero image for ABT blog article: Code of Conduct AiTM Phishing: How 35,000 Users in 13,000 US Organizations Were Compromised in 72 Hours - What Banks, Credit Unions, and Mortgage Companies Must Verify Now. Banks, credit unions, and mortga

18 min read

Code of Conduct AiTM Phishing: How 35,000 Users in 13,000 US Organizations Were Compromised in 72 Hours - What Banks, Credit Unions, and Mortgage Companies Must Verify Now

Justin Kirsch: Sat, May 02, 2026

In This Article What Happened: 72 Hours, 35,000 Users, 13,000 Organizations Why a Code of Conduct Lure Works on Financial Institution Users The...

phishing mortgage industry

VENOM PhaaS QR code AiTM phishing attack targeting financial institution executives

15 min read

VENOM PhaaS: MFA Bypass Targeting Financial Executives

Justin Kirsch: Sat, Apr 25, 2026

Prefer to watch? Why standard MFA does not stop a VENOM QR phishing attack. VENOM relays your authenticator codes in real time, then quietly...

phishing MFA Compliance

Microsoft Teams helpdesk impersonation 9-stage attack chain targeting financial institutions

15 min read

Microsoft Teams Helpdesk Impersonation: The 9-Stage Attack Chain Targeting Financial Institutions

Justin Kirsch: Fri, Apr 24, 2026

In This Article The Attack Nobody Patches For How the 9-Stage Intrusion Works Why Financial Institutions Face Elevated Risk What Guardian Configures...

phishing cybersecurity mortgage industry Microsoft 365

Microsoft 365 device code phishing attack pathway showing token replay from Railway PaaS infrastructure to a compromised financial institution tenant

26 min read

M365 Device Code Phishing: MFA Is Being Bypassed at Scale

Justin Kirsch: Wed, Apr 15, 2026

Prefer to watch? Every security control did its job. The tokens still went to the attacker. Watch the 26-second Short, then the 10-minute walkthrough...