Attackers don’t break in — they log in. Two decades of breach reporting confirm it: the compromise of valid credentials and authentication artifacts is the dominant initial access vector across enterprise environments. Phishing is not a social engineering problem in the way most organizations treat it. It is a technically mature mechanism for extracting, intercepting, and replaying the authentication material that identity systems are designed to trust.

Understanding how phishing actually works — at the protocol level, not just the awareness-training level — is prerequisite to building defenses that hold. What follows is a system-level walkthrough of how a modern phishing attack unfolds, step by step, and what it actually takes to stop it.

The Attack You Can’t See Coming

A finance employee receives an email that appears to be from DocuSign. The message is routine — a contract requiring their signature. The sender domain looks right at a glance. They click the link, land on a page that looks exactly like their company’s Microsoft 365 login, and authenticate normally. They complete an MFA prompt. They’re redirected to a real DocuSign document. Nothing seems wrong.

What actually happened is an adversary-in-the-middle (AiTM) phishing attack. The employee authenticated through an attacker-controlled reverse proxy sitting invisibly between their browser and Microsoft’s real identity provider. The proxy relayed their credentials and MFA response to Microsoft in real time, received a valid session cookie in return, and quietly retained a copy. The attacker now holds an authenticated session — and the employee has no idea.

This scenario is not hypothetical. It describes the operational pattern behind the majority of modern credential-based intrusions. Everything that follows explains why it works.

Video thumbnail: Anatomy of Phishing Attacks

Authentication Systems Trust Artifacts, Not People

Modern enterprise environments are identity-first. Applications, APIs, and cloud services don’t evaluate who is behind a request — they evaluate whether the request is accompanied by valid authentication material. This distinction is foundational.

Phishing exploits the gap between two different kinds of trust. Human trust involves judgment about context, intent, and legitimacy. Machine trust validates credentials, tokens, and sessions deterministically — without any of that judgment. Once valid authentication material is presented, systems do exactly what they are designed to do: grant access.

Several structural properties of modern environments amplify the impact. Centralized identity providers mean one successful phish can unlock dozens of downstream services. Single Sign-On extends blast radius by design. Token-based authentication shifts the attacker’s target from passwords to session cookies and bearer tokens that can be replayed from any location. Remote work has eliminated many of the implicit network trust signals that once provided secondary context.

Phishing works not because systems are poorly designed, but because they are correctly designed to trust valid identity artifacts — regardless of how those artifacts were obtained.

Six Steps That Explain Every Credential Breach

While phishing campaigns vary in sophistication, successful attacks follow a consistent technical lifecycle. Understanding each step maps controls and detections to specific failure points, rather than treating phishing as a single monolithic risk.

1. Lure Engineering

The attack begins with reconnaissance and targeting. Attackers collect information from public sources, prior breaches, business workflows, and organizational patterns to craft messages that appear routine rather than alarming. The more mundane the lure, the more effective it tends to be.

AI has eliminated the traditional tells. Grammar errors, inconsistent formatting, and implausible sender context — the signals that awareness training was built to catch — are trivially corrected by any capable language model. The UK’s National Cyber Security Centre assessed that AI meaningfully increases both the effectiveness and scale of phishing campaigns. More significantly, AI enables personalization at volume: lures tailored to an individual’s role, recent activities, and communication patterns, generated at a scale that was previously not operationally feasible. Awareness training was already a weak primary control; AI-enhanced lure generation makes it effectively insufficient on its own.

Email authentication standards — SPF, DKIM, and DMARC — raise the bar against domain spoofing and are worth deploying in enforcement mode. But they are not a complete defense: attackers routinely register lookalike domains that pass all three checks, or compromise legitimate senders entirely. Controls that rely exclusively on users recognizing suspicious messages operate entirely in this phase — and fail the moment a user engages.

2. Authentication Redirection

Once the user interacts with the lure, they are redirected to infrastructure positioned at an authentication boundary. What matters here is not visual fidelity — it is protocol compatibility.

Modern phishing infrastructure is built around AiTM frameworks. Tools like Evilginx and Modlishka function as transparent reverse proxies: they receive the victim’s browser requests, forward them to the real identity provider, and return the legitimate responses — including login pages, MFA prompts, and redirects — back to the victim in real time. From the user’s perspective, the experience is indistinguishable from a normal login. From the system’s perspective, a legitimate authentication flow is in progress.

The attacker’s infrastructure is not pretending to be Microsoft or Okta. It is actively relaying communications to and from them, positioned silently in the middle of a genuine authentication exchange. The authentication flow itself is entirely legitimate — the context in which it occurs is not. This is where most traditional security assumptions break down.

3. Token Capture

Historically, phishing targeted usernames and passwords. In modern enterprise environments, that is only the first — and often least important — artifact.

After a user successfully authenticates, the identity system issues session artifacts — tokens and cookies — that the browser presents with each subsequent request. These are implemented using OAuth 2.0 and OpenID Connect. Once authentication completes, access is represented not by an ongoing dialogue but by possession of issued artifacts that downstream systems trust by design.

The most important of these is the bearer token. Bearer tokens are self-contained credentials: any system that receives one treats the request as authenticated, regardless of who is presenting it or from where. Whoever bears the token is treated as the authenticated principal.

In an AiTM attack, the reverse proxy captures these artifacts from the authentication response before forwarding the remainder to the victim. By the time the user lands on the legitimate destination, the attacker already holds a valid session cookie or access token. MFA may have been fully satisfied during this exchange — because the victim completed it through the relay. Any authentication artifact that can be replayed outside its original context is inherently phishable. MFA proves a user authenticated. It does not prevent the resulting session from being intercepted and reused.

4. Session Replay

Once a session cookie or access token is obtained, the attacker no longer needs the user’s password. The token is the identity.

Traditional multi-factor authentication was designed to ensure that only the legitimate user could complete an authentication event. It was not designed to prevent an attacker from resuming a session that the legitimate user already completed. The attacker does not bypass MFA — they allow the victim to complete it through the relay, then inherit the resulting session.

By replaying the captured session material from their own environment, attackers access cloud applications, interact with APIs and management consoles, and do so appearing indistinguishable from the legitimate user. Because the session is valid, most traditional controls cannot reliably differentiate attacker activity from normal behavior.

5. Persistence and Expansion

Initial access is rarely the end state. With authenticated access, attackers begin mapping permissions, discovering connected services, and identifying opportunities to persist beyond the lifetime of the stolen session.

Common post-access activities include registering new MFA devices, minting additional API keys or OAuth tokens, and leveraging overly broad roles to move laterally. Because these actions occur entirely within an authenticated context, they blend into normal administrative activity and evade detection until significant damage is done. Identity compromise is rarely isolated — without strong privilege boundaries and anomaly detection focused on identity telemetry, initial access expands quietly.

6. Data Access and Exfiltration

The final stage mirrors any post-compromise operation. Attackers access sensitive data, manipulate resources, or exfiltrate information using the same mechanisms available to legitimate users.

At this point, perimeter defenses are largely irrelevant. The identity system has vouched for the attacker, and downstream systems comply accordingly. By the time data access is detected, the root failure occurred much earlier in the authentication chain. The strategic priority is to break the kill chain at steps 2 or 3, before a valid session is ever issued to an attacker.

Phishing Isn’t Just Email Anymore

The same kill chain plays out through voice. AI voice synthesis can clone a voice from a short audio sample — a recorded meeting, a public video, a voicemail. An attacker who has researched a target organization can synthesize an executive’s voice and call a finance employee with an urgent wire transfer request, or an IT staffer with a credential reset. The trust signal being exploited — a familiar voice — is far harder to interrogate than a suspicious email. There is no hover-over-the-link equivalent.

The FBI issued a specific advisory on AI-generated voice phishing in 2024, noting that attackers were impersonating senior officials and executives to authorize fraudulent transactions. The scale has since overtaken the advisory. Deepfake-enabled vishing surged 1,600% in Q1 2025 alone, contributing to $1.1 billion in US deepfake fraud losses for the year. The canonical enterprise reference is Arup: employees authorized a $25.6 million wire transfer after a video conference call in which the CFO and multiple senior colleagues appeared to participate — every participant was a fully AI-generated synthetic persona. No voice was real. No face was real. Nothing failed any check the employees were positioned to run. Help desk environments remain particularly exposed: verification processes that rely on voice recognition or caller familiarity are straightforward to bypass with synthesized audio. The lure is different; the attack logic is identical. Organizations that have hardened their email authentication posture but left their help desk verification processes unchanged have hardened the wrong surface.

Breaking the Kill Chain Before a Session Is Issued

Mitigating phishing requires moving beyond detection and awareness toward architectural resilience. The strategic objective is to break the kill chain before step 3 — before a valid session is ever issued to an attacker.

Phishing-Resistant Authentication

Authentication mechanisms that rely on reusable secrets or bearer tokens are inherently phishable. The solution is cryptographic binding.

FIDO2 and passkeys are the most mature implementation of this principle. When a user authenticates with a FIDO2 credential, their device generates a cryptographic signature using a private key that never leaves the device. The signature is scoped to the specific relying party origin of the authentication request. An AiTM reverse proxy cannot satisfy this requirement: it cannot present a valid FIDO2 assertion on behalf of the real identity provider, because the cryptographic binding breaks the moment the origin changes. There is no stolen artifact to replay because no replayable artifact is ever issued. This defeats AiTM attacks by design, not detection. Passkeys also eliminate passwords entirely — removing a credential category from the attack surface rather than trying to defend it.

Token and Session Hardening

Even where phishing-resistant authentication is not yet fully deployed, reducing the value and longevity of session artifacts limits attacker dwell time and blast radius. Practical measures include minimizing token lifetimes, binding sessions to device signals or network context, and deploying Continuous Access Evaluation (CAE) — a capability supported by major identity providers that allows downstream services to revoke sessions in near real time when risk signals change, rather than waiting for a token to expire. Where a stolen session might previously remain valid for hours, CAE can reduce that window to minutes.

Identity-Centric Detection

Effective detection focuses on identity behavior rather than network perimeter signals. The session anomalies that indicate post-capture activity follow a consistent pattern: authentication from one device or location followed immediately by access from a different device fingerprint or IP; new MFA device registrations within minutes of a successful login; access patterns in the first 30 minutes post-authentication that don’t match the user’s baseline; API or management console activity inconsistent with the user’s role.

These signals matter because they represent the post-capture window — the gap between when an attacker inherits a session and when that session would normally expire. Identity telemetry is often the only place an AiTM attack leaves a trace, because everything else about the authentication looked normal.

Email Authentication as a Lure-Disruption Layer

Deploying SPF, DKIM, and DMARC in enforcement mode raises the cost of impersonating your domain in phishing lures. It removes the lowest-effort spoofing option and reduces the surface area of lure infrastructure. It does not prevent attackers from registering lookalike domains or compromising third-party senders. It is a baseline control, not a complete defense — but the organizations that haven’t deployed it are leaving an easy attack vector open for no reason.

The Only Durable Defense Is Architectural

Phishing has adapted to every defensive evolution the industry has deployed. Passwords gave way to MFA; adversary-in-the-middle phishing adapted to harvest the sessions that MFA produces. Awareness training helps at the lure phase, but the technical structure of AiTM attacks bypasses user detection entirely — the authentication flow looks legitimate because it is legitimate.

The only durable response is to eliminate replayable authentication artifacts. FIDO2 and passkeys achieve this by making the credential cryptographically bound to the origin — a property that cannot be proxied. Organizations that complete this migration are not reducing phishing risk incrementally; they are removing AiTM phishing as a viable attack path altogether. Everything else — token hardening, session monitoring, anomaly detection — reduces blast radius. Phishing-resistant authentication removes the blast.

As long as credentials remain the primary gate to enterprise systems, phishing will remain the most efficient path to access. The strategic objective is not to eliminate human error — it is to design systems where a single mistake cannot become a breach.

Sources

  1. Verizon, Data Breach Investigations Report, 2024
  2. UK National Cyber Security Centre, “The near-term impact of AI on the cyber threat,” January 2024
  3. FBI Internet Crime Complaint Center, Public Service Announcement on AI Voice Phishing, 2024
  4. FIDO Alliance / W3C, Web Authentication (WebAuthn) Specification, Level 2
  5. OpenID Foundation, Continuous Access Evaluation Protocol (CAEP) Specification
  6. Regula Forensics, 2025 Identity Fraud Report — 1,600% vishing increase Q1 2025; 680% YoY voice deepfake fraud
  7. Arup Group, confirmed wire fraud disclosure, 2024 — $25.6M deepfake video conference social engineering incident