How We Stopped a Business Email Compromise in Seconds

Aug 6, 2025 | Company News

A behind-the-scenes look at how Clearbridge MDR protected a customer from a sophisticated phishing attack

In early June, one of our customers nearly became the victim of a sophisticated Business Email Compromise (BEC) attack.

It started with a simple click. A staff member unknowingly entered their Microsoft 365 credentials into a highly convincing phishing website. The attackers used a method called Adversary-in-the-Middle (AitM) phishing — stealing the session token to bypass MFA and gain full account access.

But they didn’t get far.

Thanks to our Managed Detection and Response (MDR) service, the attacker’s access was terminated within seconds. Our 24/7 monitoring system detected the malicious session and issued a forced sign-out immediately.

Within minutes, our team had:

• Escalated the case to our security response team
• Coordinated a secure password reset with the user
• Re-registered multifactor authentication (MFA)
• Completed a full audit confirming no data loss or lateral movement

What could’ve been a breach became a non-event.

 

How It Was Stopped

✅ Real-time detection
✅ Automated session termination
✅ Human-backed response
✅ Post-incident audit

Without MDR, this session could have lasted for hours — giving the attacker time to steal emails, forward messages, or impersonate internal staff.

 

Root Cause

The phishing link looked innocent — but led to a spoofed login page hosted at:
hxxps://login[.]messages[.]landscapeeconomics[.]com/

Once the user logged in, the attackers intercepted the token and initiated a valid Microsoft 365 session. That’s why traditional MFA didn’t stop it.
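One way to spot a stolen session token being reused, shown as an added example that is not from the original post or from Clearbridge's tooling. The log records are constructed, and the field names and the rule (a later request whose IP address and user agent both differ from the MFA sign-in) are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records. Field names are simplified assumptions
# for this example, not the Microsoft 365 sign-in log schema.
SAMPLE_EVENTS = [
    {"time": "2025-06-03T09:14:02", "user": "staff@example.com", "session": "S-1001",
     "ip": "198.51.100.7", "agent": "Edge/125 Windows", "mfa": True},
    {"time": "2025-06-03T09:14:40", "user": "staff@example.com", "session": "S-1001",
     "ip": "203.0.113.50", "agent": "python-requests/2.31", "mfa": False},
    {"time": "2025-06-03T09:20:11", "user": "other@example.com", "session": "S-2002",
     "ip": "192.0.2.15", "agent": "Chrome/126 macOS", "mfa": True},
    {"time": "2025-06-03T10:02:30", "user": "other@example.com", "session": "S-2002",
     "ip": "192.0.2.99", "agent": "Chrome/126 macOS", "mfa": False},
]

def find_replayed_sessions(events):
    """Return one finding per session whose token is later presented from a
    different IP address AND a different user agent than the MFA sign-in."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    findings = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        origin = next((e for e in evs if e["mfa"]), None)
        if origin is None:
            continue  # no MFA-backed sign-in seen, so there is no baseline
        for ev in evs[evs.index(origin) + 1:]:
            # An IP change alone is common (Wi-Fi to mobile); require both to differ.
            if ev["ip"] != origin["ip"] and ev["agent"] != origin["agent"]:
                delay = (datetime.fromisoformat(ev["time"])
                         - datetime.fromisoformat(origin["time"]))
                findings.append({"user": ev["user"], "session": session,
                                 "origin_ip": origin["ip"], "replay_ip": ev["ip"],
                                 "seconds_after_mfa": int(delay.total_seconds())})
                break  # one finding per session is enough to trigger revocation
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

A finding like this is a trigger for session revocation and a password reset, since the token stays valid after MFA has already been satisfied.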

 

What We Did Next

We helped the customer level up their defences. Recommended next steps included:

  • Enforcing stronger MFA registration policies
  • Recommending conditional access based on risk, location, and device
  • Supporting phishing-resistant MFA options (like FIDO2 keys)
  • Improving user training with real-world phishing simulations

 

Why It Matters

Cybersecurity isn’t just about having tools. It’s about having the right team and strategy. This incident proves why MDR is essential for modern businesses, especially those relying on Microsoft 365.

Need help protecting your people and data? We’re here to help.

Talk to us about your business’s cyber security today! Call us at +1 206-895-5595 or book your free discovery call to get started.
