AiTM Phishing: The Silent Attack That Bypasses MFA and Steals Your Session in Seconds

You enabled multi-factor authentication. Your employees are trained to use it. You feel safe.
You're not.
A rapidly growing class of phishing attack — called Adversary-in-the-Middle (AiTM) phishing — doesn't need your password and doesn't care about your MFA code. It sits silently between your employee and a legitimate website, watches the authentication happen in real time, and walks away with a stolen session cookie worth more than any password. By the time your security team gets an alert, the attacker is already inside your Microsoft 365 inbox, your cloud systems, and your financial portals.
This isn't theoretical. AiTM attacks were behind some of the most damaging breaches of the last two years — and they're accelerating.
What Is an AiTM Phishing Attack?
Traditional phishing steals credentials: you type your username and password into a fake login page, and the attacker captures them. Simple, well-understood, and increasingly caught by security tools.
AiTM phishing is different. Instead of a static fake page, the attacker deploys a real-time reverse proxy — a piece of infrastructure that sits between the victim and the genuine website (like Microsoft, Google, or a banking portal). When your employee clicks the malicious link and "logs in," here is what actually happens:
- The employee's browser connects to the attacker's proxy server, which looks identical to the real login page.
- The proxy forwards every request — username, password, MFA code — to the real Microsoft or Google server.
- The real server validates everything, including the MFA token, and issues an authenticated session cookie.
- The proxy captures that session cookie and hands it to the attacker.
- The employee is redirected to their real inbox, completely unaware.
The attacker now has a live, fully authenticated session cookie. They don't need the password. They don't need the MFA code. They simply import the cookie into their browser and they're in — with the same access as your employee.
Open-source toolkits like Evilginx, Modlishka, and Muraena have made this attack trivially easy to deploy. Security researchers first flagged these tools years ago, but the criminal ecosystem has now commoditised them. AiTM-as-a-service kits are sold on dark web forums for as little as a few hundred dollars.
Why Your MFA Won't Save You Here
This is the uncomfortable truth that security teams are grappling with right now: most forms of MFA do not protect against AiTM phishing.
SMS codes, authenticator app TOTPs (time-based one-time passwords), and even push notifications are all vulnerable. The attacker isn't breaking MFA — they're letting you complete it and then stealing the result. The session cookie is the prize, and it's handed over automatically by the server the moment authentication succeeds.
The only forms of MFA that resist AiTM attacks are phishing-resistant by design:
- FIDO2 / Passkeys: public-key credentials (hardware security keys or platform passkeys) where the browser includes the site's origin in the signed challenge response, and a credential registered for the legitimate domain will not be used for a proxy's lookalike domain. A proxy can't replicate this binding.
- Certificate-based authentication (CBA): the user or device authenticates with an X.509 client certificate whose private key never leaves the device, so a proxy that does not hold that key cannot complete the mutual-TLS handshake with the real server.
For most organisations still relying on SMS OTPs or authenticator apps, AiTM is an open door.
A Real-World Scenario: The Invoice That Cost £3 Million
Consider what happened to a mid-sized UK logistics firm in late 2025 (details anonymised). A finance manager received an email that appeared to come from a supplier — complete with accurate invoice details pulled from a prior email chain (likely obtained through an earlier credential compromise).
The email included a link to "review the updated payment portal." The manager clicked, completed the familiar Microsoft login flow including their MFA push notification, and was redirected to what looked like the real supplier portal. Everything felt normal.
Within 11 minutes, the attacker — now authenticated into the manager's Microsoft 365 account — set up inbox rules to silently forward emails to an external address, identified an active wire transfer thread, inserted themselves into the conversation, and redirected £3.1 million to a mule account.
The stolen session cookie expired after eight hours. The attacker was done in less than one.
The finance manager had done everything "right." They'd used MFA. They hadn't shared their password. They were still compromised.
How AiTM Phishing Campaigns Are Delivered
AiTM attacks follow a recognisable delivery pattern that your employees need to know about:
Lookalike domains with SSL certificates. The phishing URL will use a convincing subdomain or typosquat — something like login.microsoftonline-secure.com or accounts.google-verify.net. Modern attackers always use HTTPS (the padlock), so "look for the lock" is now dangerous advice.
Spear phishing and context hijacking. The most dangerous AiTM campaigns aren't spray-and-pray — they're targeted. Attackers harvest context from LinkedIn, prior email breaches, or compromised accounts to craft messages that feel completely legitimate.
Legitimate redirect chains. Many AiTM campaigns abuse trusted services — Google Docs links, SharePoint redirects, even Microsoft Azure blob storage URLs — to pass email security filters and arrive in the inbox looking clean.
QR codes in attachments. Increasingly, the AiTM proxy URL is embedded in a QR code inside a PDF attachment, bypassing URL scanners entirely. The employee scans the code with their mobile device, which typically has fewer security controls.
Detecting AiTM Attacks Before the Damage Is Done
If your MFA won't stop it, detection becomes critical. Here's what security teams should look for:
Impossible travel alerts. If an employee authenticates from London at 9:02 AM and a session from the same account is active in Eastern Europe at 9:08 AM, something is wrong. Most SIEM tools and Microsoft Entra ID Protection's risk detections (which conditional access policies can act on) can flag this automatically.
New inbox rules created shortly after login. Attackers consistently create forwarding or deletion rules immediately after gaining access. Alert on any inbox rule creation from an unfamiliar IP or device.
Token replay from unusual IP ranges. A session cookie issued to one IP address and then used from a different country or ASN is a strong AiTM indicator.
Anomalous MFA activity. Multiple MFA prompts in quick succession, or MFA completions followed immediately by no user activity in the account, can indicate a proxy intercept.
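As an added illustration of three of the log-based indicators above (not part of the original article), the following Python runs them over a small set of constructed sign-in and audit events; the field names, event names and time windows are assumptions, not any SIEM or Entra schema.

```python
"""Log-based AiTM indicators: impossible travel, session-token replay from a new
ASN/country, and inbox-rule creation shortly after a sign-in from a new IP."""
from datetime import datetime, timedelta

# Constructed sample events (not real logs); a pipeline would map SIEM / Entra
# sign-in and audit records onto these fields. With an AiTM proxy, the first
# sign-in may itself come from the proxy's IP rather than the user's own.
FIELDS = ("t", "user", "ev", "ip", "country", "asn", "sess")
EVENTS = [dict(zip(FIELDS, r)) for r in [
    ("2025-11-04T09:02:00", "fm@corp.example", "signin", "203.0.113.10", "GB", 64500, "S1"),
    ("2025-11-04T09:08:00", "fm@corp.example", "signin", "198.51.100.7", "RO", 64511, "S1"),
    ("2025-11-04T09:09:30", "fm@corp.example", "inbox_rule", "198.51.100.7", "RO", 64511, "S1"),
    ("2025-11-04T09:30:00", "ok@corp.example", "signin", "203.0.113.22", "GB", 64500, "S2"),
]]

def ts(e): return datetime.fromisoformat(e["t"])

def impossible_travel(events, window=timedelta(hours=1)):
    """Same account signs in from two different countries within `window`."""
    alerts, last = [], {}
    for e in sorted(events, key=ts):
        if e["ev"] != "signin": continue
        prev = last.get(e["user"])
        if prev and prev["country"] != e["country"] and ts(e) - ts(prev) <= window:
            alerts.append((e["user"], prev["country"], e["country"], e["t"]))
        last[e["user"]] = e
    return alerts

def token_replay(events):
    """A session id later seen from a different ASN/country than where it was issued."""
    alerts, issued, done = [], {}, set()
    for e in sorted(events, key=ts):
        key = (e["user"], e["sess"])
        first = issued.setdefault(key, e)  # first sighting = issuing IP/ASN/country
        if (e["asn"], e["country"]) != (first["asn"], first["country"]) and key not in done:
            done.add(key)  # report each replayed session once
            alerts.append((e["user"], e["sess"], first["ip"], e["ip"]))
    return alerts

def rule_after_login(events, window=timedelta(minutes=15)):
    """Inbox rule created within `window` of a sign-in from an IP new to that account."""
    alerts, seen_ips, new_ip_signin = [], {}, {}
    for e in sorted(events, key=ts):
        if e["ev"] == "signin":
            if e["ip"] not in seen_ips.setdefault(e["user"], set()):
                seen_ips[e["user"]].add(e["ip"])
                new_ip_signin[e["user"]] = e
        elif e["ev"] == "inbox_rule":
            s = new_ip_signin.get(e["user"])
            if s and ts(e) - ts(s) <= window:
                alerts.append((e["user"], s["ip"], e["t"]))
    return alerts
```

In a real deployment the "first sighting" baseline for an account's IPs and sessions would come from historical data rather than the same batch of events.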
What Your Employees Can Do Right Now
While technical controls matter enormously, human awareness is the first and most important line of defence. AiTM attacks depend on an employee clicking and authenticating. Train your people to:
Always verify the URL before authenticating. Not just the padlock — the actual domain. Bookmark your login portals and use those bookmarks rather than links in emails.
Treat unexpected login prompts with suspicion. If an email asks you to log in to something you weren't expecting to use, verify through a separate channel before proceeding.
Report anything that feels slightly off. The 11-minute window in the logistics example above is typical. Fast human reporting — even a hunch — can trigger an incident response before the damage compounds.
Never scan QR codes from email attachments on personal devices. This is a growing AiTM delivery vector with almost no automated defences.
How PhishDefense Helps You Stay Ahead of AiTM
At PhishDefense, we believe that technical controls alone will never be enough. The best firewall in the world can't compensate for an employee who completes an MFA prompt on a proxy page.
Our multi-channel phishing simulations include realistic AiTM-style scenarios — including lookalike login pages and QR-code-based lure delivery — so your employees encounter these attacks in a safe environment before they face them in the real world. Repeated, realistic exposure builds the instinct to pause, verify, and report.
Our vishing and social engineering modules complement this by simulating the voice-based follow-up calls attackers increasingly use to pressure employees into re-authenticating or completing transfers, because AiTM is rarely the only tactic in play.
And our risk scoring identifies which employees are highest-risk — so you can focus training where it matters most before an attacker does.
The Bottom Line: MFA Is Necessary but No Longer Sufficient
AiTM phishing represents a genuine evolution in the threat landscape. It is not a niche, advanced technique anymore — it is a widely deployed, commercially available attack method that is being used against businesses of every size, right now.
Enabling MFA was the right call. Stopping there is not.
Move toward phishing-resistant authentication where possible. Layer detection controls. And invest relentlessly in the one asset that sits in front of every technical control: your people.
Ready to find out how vulnerable your organisation really is? Contact the PhishDefense team for a tailored simulation and risk assessment. We'll show you exactly how an AiTM attack would land — before an attacker does.