Multi-factor authentication was supposed to be the solution. For years, security teams have told employees that MFA would keep them safe. Password stolen? No problem — attackers still need that second factor.

But adversary-in-the-middle (AiTM) phishing has changed everything. These attacks do not try to steal passwords and MFA codes separately. They capture the entire authentication flow in real time, including the session token that proves a user is logged in. The employee does everything right — checks for HTTPS, verifies the MFA prompt, avoids suspicious attachments — and still gets compromised.

This should concern every security leader. If our training, our MFA and our security awareness programs cannot protect someone who is genuinely trying to be careful, then what exactly are we promising when we tell users MFA will keep them safe?

Why this is not the phishing you trained for

Traditional phishing meant sloppy fake login pages with typos and dodgy URLs. Those pages could not handle MFA because they had no connection to the real authentication service.

Here is what changed, and I wish more security leaders understood this: modern phishing pages are not fake. They are proxies.

Tools like Evilginx sit between the user and the legitimate service — Microsoft, Google, Okta, whatever — and relay everything in real time. The employee types their password. It goes to Microsoft. Microsoft sends the MFA challenge. It flows back through the proxy to the employee’s phone. The employee approves it. The session cookie — that golden token proving authentication — passes right back through the proxy into the attacker’s hands.

The employee sees a successful login and gets on with their day. The attacker takes that same session cookie, opens a browser on a completely different machine, and they are in. No password needed. No MFA prompt. Just a clean, authenticated session that belongs to someone else.

What bothers me most is how quiet it is. There are no failed login attempts. No MFA fatigue bombing. No brute force alerts. Everything looks normal because, technically, everything was normal. The authentication was real. The attacker just watched it happen.

And this is not a nation-state technique anymore. Phishing-as-a-Service platforms — Tycoon 2FA, Sneaky2FA, FlowerStorm — have turned this into a commodity. According to Barracuda’s frontline security predictions, over 90 percent of credential compromise attacks are expected to involve sophisticated phishing kits by the end of 2026. A separate Barracuda threat report found that 90 percent of high-volume phishing campaigns in 2025 relied on PhaaS kits, with the number of known kits doubling over the year. You do not need to understand reverse proxies to run this attack. You need a credit card and a subscription.

Three failures that keep showing up

Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful.

1. We trained our people for the wrong threat

Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over links. That advice was built for 2015 phishing. In an adversary-in-the-middle attack, there are no misspellings because the page is real — it is being proxied from the actual service. The SSL certificate is valid because the proxy obtains its own legitimate certificate. The login flow behaves exactly as expected because it is the real login flow, just observed by someone in the middle.

Security researchers have tested this extensively. Setting up an Evilginx proxy against a test tenant and sending phishing links to security professionals — people who know what phishing looks like — consistently catches a significant number of them. If people whose literal job is spotting these attacks cannot tell the difference, expecting finance or HR staff to do so is unrealistic. Research from Push Security confirms phishing has gone omni-channel, with roughly one in three phishing attacks now delivered outside of email entirely, through channels like LinkedIn DMs and Google Search.

2. We trust session cookies too much

Once MFA is completed, most organisations treat the resulting session as sacred. The user proved who they are, so we let them work. But session cookies are bearer tokens — whoever holds them is the authenticated user. There is no binding between the cookie and the device that generated it. There is no fingerprint. There is no anchor. An attacker who steals a session cookie from London can replay it from an entirely different location, and the identity provider will accept it as the legitimate user. Research from Silverfort demonstrated that even after successful FIDO2 authentication, many identity providers remain vulnerable to session hijacking because the session tokens created after authentication are not adequately protected.

3. We react to credential theft, not session theft

Incident response playbooks are built around compromised passwords: Force a reset, revoke tokens, re-enroll MFA. But in an adversary-in-the-middle attack, the password is not the primary concern — the session is. Industry reports consistently show response teams resetting passwords and considering the case closed, while attackers continue operating on stolen sessions for days. If you are not revoking all active sessions and monitoring for session replay, you are not actually remediating the compromise.

What actually works

The uncomfortable truth is that traditional MFA — push notifications, SMS codes, authenticator apps — cannot defend against adversary-in-the-middle phishing. The authentication succeeds because it is real authentication. The attacker simply observes and copies the result. Here is what actually makes a difference.

Deploy phishing-resistant authentication

FIDO2 security keys and passkeys bind authentication cryptographically to the specific domain. If the login request comes from a proxy domain instead of the real service, the key refuses to sign the challenge. According to Microsoft’s documentation on passkeys, passkeys use origin-bound public key cryptography, ensuring credentials cannot be replayed or shared with malicious actors. Rolling out hardware keys can be challenging — budget approvals take time, users need training. But start somewhere. Finance teams, IT admins and executives should be first. The people with the most valuable access need the strongest authentication. It is worth noting that Proofpoint researchers have demonstrated a downgrade attack against FIDO in Microsoft Entra ID by spoofing an unsupported browser, so organisations should also disable fallback authentication methods where possible.
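To make the origin-binding concrete, here is an added example (not from the article, not any vendor's code) of the checks a relying party performs on a WebAuthn assertion, with the signature verification against the registered public key left out. The relying-party origin `https://login.example.com`, the RP ID `login.example.com` and the proxy domain `login.proxy.example` are constructed names.

```python
import base64
import hashlib
import json
import os

# Assumed relying-party values (constructed for this example, not a real tenant).
EXPECTED_ORIGIN = "https://login.example.com"
EXPECTED_RP_ID = "login.example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_client_data(origin: str, challenge: bytes) -> bytes:
    # What the browser serialises as clientDataJSON: it fills in the origin of the
    # page that called navigator.credentials.get(); page script cannot override it.
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}).encode()

def make_authenticator_data(rp_id: str, flags: int = 0x05, sign_count: int = 1) -> bytes:
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian).
    # flags 0x01 = user present (UP), 0x04 = user verified (UV).
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + sign_count.to_bytes(4, "big")

def verify_assertion(client_data_json: bytes, authenticator_data: bytes, expected_challenge: bytes):
    """Relying-party checks from the WebAuthn assertion procedure, minus the signature
    check itself. Returns (ok, reason, signed_payload)."""
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type", None
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replayed or stale)", None
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + str(client_data.get("origin")), None
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        return False, "rpIdHash mismatch: credential scoped to another domain", None
    if not authenticator_data[32] & 0x01:
        return False, "user presence flag not set", None
    # The signature the RP verifies with the registered public key covers exactly these
    # bytes, so neither the origin nor the rpIdHash can be rewritten by a proxy in transit.
    return True, "ok", authenticator_data + hashlib.sha256(client_data_json).digest()

if __name__ == "__main__":
    challenge = os.urandom(32)
    good = verify_assertion(make_client_data(EXPECTED_ORIGIN, challenge),
                            make_authenticator_data(EXPECTED_RP_ID), challenge)
    # A login page served from a proxy domain produces a clientDataJSON origin and an
    # rpIdHash for that domain, so the relying party rejects the assertion.
    proxied = verify_assertion(make_client_data("https://login.proxy.example", challenge),
                               make_authenticator_data("login.proxy.example"), challenge)
    print(good[:2], proxied[:2])
```

The password-and-push flow the article describes has no equivalent of these two fields, which is why a proxy can relay it unchanged and a FIDO2 assertion cannot.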

Bind sessions to devices

Conditional Access policies that require managed, compliant devices create a hardware anchor that cookie replay cannot bypass. If someone steals a session cookie and tries to replay it from an unmanaged machine, the session gets killed. This is one of the most impactful changes organisations can implement. It is not foolproof, but it eliminates the easiest replay vector overnight.

Monitor for session anomalies, not just failed logins

The adversary-in-the-middle attack does not generate failed logins. It generates perfect-looking successful ones. The signals are in what happens after authentication. Watch for impossible travel between the authentication IP and subsequent session activity. Watch for new MFA device registration within minutes of login. Watch for inbox rule creation. Barracuda’s threat analysis highlights that attackers are increasingly using MFA code theft via relay attacks and targeting MFA recovery flows, making post-authentication monitoring more critical than ever. These are the post-compromise actions that attackers perform consistently, and building detection rules around these patterns catches attempts that traditional monitoring misses entirely.
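The three post-authentication signals above, turned into detection logic as an added example (not from the article or any vendor's product). The events are constructed sample records, not real tenant logs; the `session` field is assumed to tie later activity back to the sign-in that issued the session cookie, and `country` is assumed to come from GeoIP enrichment at ingest.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): user a.lee authenticates from GB, then the
# same session is used from NG within minutes, adds an MFA method and creates an inbox rule.
EVENTS = [
    {"ts": "2025-03-03T08:02:10Z", "user": "a.lee", "session": "S1", "event": "SignIn", "ip": "203.0.113.10", "country": "GB"},
    {"ts": "2025-03-03T08:09:41Z", "user": "a.lee", "session": "S1", "event": "MailboxAccess", "ip": "198.51.100.77", "country": "NG"},
    {"ts": "2025-03-03T08:11:03Z", "user": "a.lee", "session": "S1", "event": "MfaMethodRegistered", "ip": "198.51.100.77", "country": "NG"},
    {"ts": "2025-03-03T08:15:27Z", "user": "a.lee", "session": "S1", "event": "InboxRuleCreated", "ip": "198.51.100.77", "country": "NG"},
    {"ts": "2025-03-03T09:00:00Z", "user": "b.ng", "session": "S2", "event": "SignIn", "ip": "192.0.2.5", "country": "GB"},
    {"ts": "2025-03-03T09:30:00Z", "user": "b.ng", "session": "S2", "event": "MailboxAccess", "ip": "192.0.2.5", "country": "GB"},
]

def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def detect_session_anomalies(events, travel_window=timedelta(hours=1), mfa_window=timedelta(minutes=30)):
    """Correlate post-authentication activity with the sign-in that issued the session.
    Returns {session: [signal, ...]} for every session that raised at least one signal."""
    sign_ins = {e["session"]: e for e in events if e["event"] == "SignIn"}
    signals = {}
    for e in sorted(events, key=lambda x: x["ts"]):
        auth = sign_ins.get(e["session"])
        if auth is None or e["event"] == "SignIn":
            continue
        since_auth = parse_ts(e["ts"]) - parse_ts(auth["ts"])
        found = signals.setdefault(e["session"], [])
        # 1. Same session, different country from the authenticating IP, too soon to be travel.
        if e["country"] != auth["country"] and since_auth <= travel_window:
            if "impossible_travel_from_auth_ip" not in found:
                found.append("impossible_travel_from_auth_ip")
        # 2. A new MFA method registered shortly after login: persistence on the account.
        if e["event"] == "MfaMethodRegistered" and since_auth <= mfa_window:
            found.append("mfa_device_added_after_login")
        # 3. Inbox rules are used to hide the attacker's mail activity from the victim.
        if e["event"] == "InboxRuleCreated":
            found.append("inbox_rule_created")
    return {s: sigs for s, sigs in signals.items() if sigs}

def triage(signals):
    """Two or more independent signals on one session: treat as a likely session hijack and
    revoke every active session for the user, not only reset the password."""
    return {s: ("likely_session_hijack" if len(sigs) >= 2 else "review") for s, sigs in signals.items()}

if __name__ == "__main__":
    print(triage(detect_session_anomalies(EVENTS)))
```

Note that nothing in the sample is a failed login or a blocked MFA prompt; every alert comes from correlating ordinary successful activity back to the authenticating IP.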

Rebuild your security awareness training

Stop teaching people to spot phishing pages — they cannot, not against modern attacks. Push Security’s analysis notes that the vast majority of phishing attacks today use reverse proxies capable of bypassing most forms of MFA in real time, and that old-school approaches to URL blocking leave defenders two steps behind attackers. Instead, teach employees one simple rule: If you did not initiate the login yourself by typing the URL directly, do not trust it. Do not click login links in emails, even if they look legitimate. Navigate to the service directly. Bookmark your login pages. And give people a simple, frictionless way to report anything that feels wrong, even if they cannot explain why.

The uncomfortable conclusion

The security industry spent years telling organisations that MFA was the answer. It was — for the threats we had then. But the threat has evolved, and our defenses have not kept pace.

Adversary-in-the-middle phishing does not break MFA. It does not need to. It sits patiently in the middle, watches the authentication happen exactly as designed, and copies the result. Our strongest defence does not fail — it succeeds, and the attacker benefits anyway.

The organisations that recognise this shift and move to phishing-resistant authentication will be protected. The rest are waiting for a breach that will look exactly like a normal Monday morning login — until it is too late.

We told our employees MFA would keep them safe. We owe them a defence that actually does.

This article is published as part of the Foundry Expert Contributor Network.