A teller at an Auburn community bank gets a call on Microsoft Teams. It's from “IT support” — the name and photo look right — and they're calm and helpful: there's a sync issue with her account, can she reset her credentials and re-enroll her multifactor authentication while they stay on the line? She does. Everything works. She goes back to her morning. And somewhere else, an attacker has just registered their own device on the bank's network, with a session token that will stay valid for weeks. No password was cracked. No second factor was bypassed in the way anyone trained her to expect. From the bank's logs, the login looks perfectly legitimate.
That scenario is no longer the exotic case. VentureBeat reported this week that the attack now dominating financial services doesn't steal passwords — it resets MFA and steals the session token. The control that community banks, credit unions, and insurance and wealth shops across Allen County and DeKalb County trust most — multifactor authentication — was built to verify the moment of login. These attacks either remove MFA through social engineering or capture the token after MFA has already fired, and a stolen token is a valid token. CrowdStrike's senior vice president of counter adversary operations, Adam Meyers, put the economics bluntly: “Who needs a zero day if all you have to do is call the help desk and say, ‘I forgot my password’?”
For Northeast Indiana financial institutions, this matters twice over. First, you are squarely in the target set. Second, as you connect AI tools and AI assistants to your stack, a stolen session token hands an attacker the same standing access those tools have. This is a regional defense playbook: how the attack works in plain English, who is running it, the controls that actually stop it, and what changes the day you add AI to the picture.
Key Takeaways
- The dominant financial-services attack pattern bypasses passwords entirely: attackers reset MFA through help-desk social engineering or capture the live session token after MFA has already fired.
- A stolen session token is a valid token — it sails past MFA and single sign-on, because those controls verify login, not what happens after.
- CrowdStrike ranks financial services among the most-targeted sectors, with help-desk and identity-based intrusions rising sharply; Verizon's 2026 data shows the breach landscape shifting away from simple credential theft.
- Tokens persist. Refresh tokens can survive a password reset and an MFA re-enrollment, giving an attacker quiet access for weeks.
- The defenses are concrete: out-of-band verification for MFA resets, phishing-resistant FIDO2 keys, restricting OAuth device-code flow, token-binding, and continuous session monitoring.
- Once AI tools share your sign-on, a stolen token inherits the AI's access too — so human and agent sessions belong under one monitored control plane.

Why Doesn't MFA Stop This Attack?
Multifactor authentication answers one question well: is the person logging in right now who they claim to be? It was never designed to answer the question these attacks exploit: is the session that's already authenticated still in the right hands? There are two dominant paths, and both leave MFA technically intact while rendering it useless.
The first is the help-desk reset. An attacker calls or messages an employee — increasingly over Microsoft Teams, impersonating internal IT — and talks them into resetting their own credentials and re-enrolling MFA. The employee performs every step correctly; the attacker simply ends up registering their device as the trusted one. As CrowdStrike's CTO Elia Zaitsev told VentureBeat, “Traditional approaches are just not designed for this sort of behavior.” There's no malware to detect and no exploit to patch, because the human did exactly what the system asked.
The second path abuses a legitimate Microsoft feature. The FBI's Internet Crime Complaint Center issued a public service announcement on the Kali365 phishing-as-a-service kit that explains the mechanism: device-code phishing abuses the OAuth 2.0 Device Authorization Grant flow — the one designed so a smart TV or conference-room system can sign in using a short code entered on another device. The attacker starts a login, sends the victim a convincing email with a device code and a real Microsoft verification page, and the victim authenticates normally. Critically, the MFA prompt fires on the victim's own device, so it looks routine. What the victim has actually done is authorize the attacker's device. Microsoft then hands the attacker an OAuth token granting access to Outlook, Teams, and OneDrive — with no password and no further MFA prompt for the attacker's session.
Both paths share a structural truth that should reframe how a financial institution thinks about identity: MFA protects the front door, and these attacks either get a copy of the key or walk in behind someone who opened it. The second factor is not broken. It is simply blind to what happens once a session exists. That blindness is the whole game, and it is why “we have MFA on everything” is no longer a complete answer.
Who Is Actually Hitting Banks and Credit Unions in 2026?
This is not a theoretical risk borrowed from enterprise headlines. Financial services is one of the most-targeted sectors, and the targeting is rising. According to the CrowdStrike 2026 Financial Services Threat Landscape Report, financial services ranked as the fourth most-targeted sector by the first quarter of 2026, accounting for 12% of all observed adversary activity. Hands-on-keyboard intrusions against financial institutions rose 43% globally over two years — and 48% across North America. The number of financial-services entities named on data-leak sites climbed 27%, from 334 to 423 year over year. One actor CrowdStrike tracks as REVENANT SPIDER saw its financial-services victim count jump from 14 to 97 in a single reporting period.
The most active threat to the industry, per the report, is an e-crime group CrowdStrike calls MUTANT SPIDER, which drove the highest volume of intrusions using exactly the playbook above — Teams-based voice phishing, impersonating IT support, then selling the access it gained to ransomware operators. CrowdStrike notes that roughly 75% of hands-on-keyboard intrusions were driven by e-crime actors and about 25% by state-sponsored groups; the same report attributes more than $2 billion in stolen digital assets in 2025 to North Korea-linked adversaries. The headline is not any single gang — it's that the access broker model has industrialized. One crew specializes in getting in through the help desk; another buys that access and runs the ransomware.
The broader breach data confirms the shift away from the threats most security budgets were built for. Verizon's 2026 Data Breach Investigations Report, drawn from more than 22,000 confirmed breaches across 145 countries, found that for the first time in the report's roughly two-decade history, vulnerability exploitation overtook stolen credentials as the leading initial-access vector — exploitation now drives 31% of breaches, while credential abuse as an individual vector fell to 13%. Read those two numbers together with the financial-services picture and the message is clear: the simple “steal a password” attack is fading, and the attacks that work now either exploit a flaw or sidestep credentials entirely by hijacking the session. A community bank that has hardened password policy and called it done has hardened the wrong decade's problem. This is the same vertical-specific threat awareness we urged in the 2026 financial-services data-readiness audit — now pointed at identity rather than data.

How Does a Stolen Session Token Become an Account Takeover?
To defend against token theft you have to understand why a token is so valuable. When you log in and clear MFA, the system issues you a token — a piece of proof that you are already authenticated. As Obsidian Security explains in its breakdown of how token-based attacks bypass MFA, that token “grants access until expiration or revocation,” and it functions as a bearer credential: whoever holds it gets in, no re-authentication required. Steal the token and you inherit the session. SSO and MFA wave you through, because as far as they can tell, you already proved yourself.
Two things make this worse than it sounds. First, persistence. Refresh tokens can survive actions that everyone assumes would end an attacker's access — Obsidian notes they can persist even after a password reset and MFA invalidation. So the standard incident-response reflex (“reset their password, re-enroll MFA”) may not actually evict the intruder. Second, scale and stealth. Obsidian reports that adversary-in-the-middle attacks rose 146% over the past year, with nearly 40,000 token-theft incidents detected daily, and that token theft accounted for 31% of Microsoft 365 breaches in 2025 — making it the primary vector, not a fringe one.
The field reporting shows how methodical the follow-through is. Arctic Wolf's analysis of the Kali365 campaign, which it nicknamed “Token Bingo,” describes a multi-tenant phishing-as-a-service operation supporting both device-code abuse and adversary-in-the-middle session capture, with phishing lures impersonating trusted services like Adobe Acrobat Sign, DocuSign, and SharePoint. The targeting Arctic Wolf observed beginning in early April 2026 spanned manufacturing, insurance, financial, healthcare, and government organizations. After capturing a token, the attacker registered an additional device inside the victim's environment to extend access beyond the original token, and configured inbox rules that automatically moved emails containing words like “phish,” “spam,” and “SharePoint” into a folder and marked them read — quietly suppressing the very warnings that might have tipped off the user or the security team. The FBI's PSA adds the economics: Kali365 is sold on Telegram for as little as $250 a month, complete with AI-generated lures, which means this capability is now within reach of low-skill attackers, not just elite crews. That blend of convincing impersonation and cheap tooling is the same dynamic we mapped in Fort Wayne's deepfake business-crisis playbook — trust itself has become the attack surface.
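The two attack paths above and the follow-through Arctic Wolf describes (session replay, a rogue device registration, inbox rules that hide warnings) leave footprints in ordinary sign-in and audit logs. The following detection logic is an added example written for this article, not code from VentureBeat, CrowdStrike, Arctic Wolf, or Microsoft; it runs over constructed sample records whose field names are assumptions modelled loosely on Entra ID sign-in and Microsoft 365 audit exports. It flags a session id reused from a new IP or device, device-code sign-ins by accounts outside a small allow-list, inbox rules that suppress security-related mail, and then correlates those signals into a single "token theft chain" finding per user.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real bank data). Field names are assumptions
# modelled loosely on Microsoft Entra sign-in and Microsoft 365 audit exports.
SIGNINS = [
    {"time": "2026-05-20T08:02:00", "user": "teller1@bank.example", "session_id": "S1",
     "ip": "203.0.113.10", "device_id": "D-TELLER-PC", "protocol": "browser", "mfa": True},
    # The same session id reappears 12 minutes later from another IP on an unknown device:
    # the bearer token is being replayed, and no MFA prompt fires because the session exists.
    {"time": "2026-05-20T08:14:00", "user": "teller1@bank.example", "session_id": "S1",
     "ip": "198.51.100.7", "device_id": "D-UNKNOWN-01", "protocol": "browser", "mfa": False},
    # Device-code grant used by a staff account that has no business need for it.
    {"time": "2026-05-20T09:30:00", "user": "loans2@bank.example", "session_id": "S2",
     "ip": "198.51.100.7", "device_id": "", "protocol": "deviceCode", "mfa": True},
    # Device-code grant used by the one account allowed to use it (a conference-room system).
    {"time": "2026-05-20T09:31:00", "user": "confroom@bank.example", "session_id": "S3",
     "ip": "203.0.113.20", "device_id": "D-ROOM-TV", "protocol": "deviceCode", "mfa": True},
]
AUDIT = [
    {"time": "2026-05-20T08:20:00", "user": "teller1@bank.example",
     "op": "Add registered device", "detail": "D-UNKNOWN-01"},
    {"time": "2026-05-20T08:25:00", "user": "teller1@bank.example", "op": "New-InboxRule",
     "detail": "body contains phish,spam,SharePoint; move to RSS Feeds; mark as read"},
    {"time": "2026-05-20T10:00:00", "user": "ops@bank.example", "op": "New-InboxRule",
     "detail": "from contains invoices@vendor.example; move to Vendors"},
]
# Assumption: the only identity that legitimately signs in with the device-code flow.
DEVICE_CODE_ALLOWLIST = {"confroom@bank.example"}
SUSPICIOUS_RULE_TERMS = ("phish", "spam", "sharepoint", "security", "password", "suspicious")


def _t(stamp):
    return datetime.fromisoformat(stamp)


def session_reuse_alerts(signins):
    """A session id seen from a new IP or device after it was issued looks like a
    bearer token being replayed by someone other than the original user."""
    first_seen, alerts = {}, []
    for rec in sorted(signins, key=lambda r: r["time"]):
        key = (rec["user"], rec["session_id"])
        if key not in first_seen:
            first_seen[key] = rec
            continue
        origin = first_seen[key]
        if rec["ip"] != origin["ip"] or rec["device_id"] != origin["device_id"]:
            alerts.append({"user": rec["user"], "session_id": rec["session_id"],
                           "time": rec["time"], "origin_ip": origin["ip"],
                           "new_ip": rec["ip"], "new_device": rec["device_id"]})
    return alerts


def device_code_alerts(signins, allowlist):
    """Device-code sign-ins by anyone outside the allow-list: most staff never need the flow."""
    return [r for r in signins if r["protocol"] == "deviceCode" and r["user"] not in allowlist]


def _is_suspicious_rule(entry):
    text = entry["detail"].lower()
    return entry["op"] == "New-InboxRule" and any(term in text for term in SUSPICIOUS_RULE_TERMS)


def inbox_rule_alerts(audit):
    """New inbox rules that file away or hide mail mentioning phishing, spam, or security."""
    return [e for e in audit if _is_suspicious_rule(e)]


def token_theft_chains(signins, audit, window_minutes=60):
    """Correlate a replayed session with a device registration or a suppression rule
    for the same user inside the window: the full post-compromise sequence."""
    chains = []
    for alert in session_reuse_alerts(signins):
        start = _t(alert["time"])
        end = start + timedelta(minutes=window_minutes)
        followups = [e for e in audit if e["user"] == alert["user"]
                     and start <= _t(e["time"]) <= end
                     and (e["op"] == "Add registered device" or _is_suspicious_rule(e))]
        if followups:
            chains.append({"user": alert["user"], "session_id": alert["session_id"],
                           "followup_ops": [e["op"] for e in followups]})
    return chains


if __name__ == "__main__":
    for name, result in [("session reuse", session_reuse_alerts(SIGNINS)),
                         ("device-code outside allow-list", device_code_alerts(SIGNINS, DEVICE_CODE_ALLOWLIST)),
                         ("suppression inbox rules", inbox_rule_alerts(AUDIT)),
                         ("correlated chains", token_theft_chains(SIGNINS, AUDIT))]:
        print(f"{name}: {result}")
```

On the constructed data the correlation finds one chain for the teller account: a replayed session, then a new device, then an inbox rule hiding the words "phish", "spam" and "SharePoint", which is the sequence the campaign analysis describes. The loan officer's device-code sign-in is flagged on its own even though nothing followed it, because a staff account using that flow at all is the signal worth a phone call.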

The Token-Theft Defense Checklist for a 30-to-80-Person Financial Institution
A community bank or credit union with thirty to eighty employees will not buy its way out of this with an enterprise identity platform overnight. It can, however, close the specific gaps these attacks exploit with controls that are mostly configuration and process. The checklist below maps each control to what it actually stops and who should own it at an institution this size.
| Control | What it stops | Who owns it |
|---|---|---|
| Out-of-band verification for every MFA reset and help-desk request | The Teams/phone “IT support” reset — the attacker can’t complete a reset they can’t verify through a second, pre-agreed channel | Operations / help-desk lead, with a written verification script |
| Phishing-resistant FIDO2 / hardware security keys for staff | Credential phishing and many device-code lures, because the key is bound to the legitimate site and device | IT or managed IT provider, prioritizing privileged and finance roles first |
| Restrict the OAuth device-code flow in conditional access | The Kali365 device-code path — most staff accounts never legitimately need device-code sign-in | IT / identity admin in Microsoft Entra ID |
| Token-binding and shortened token lifetimes | Replay of a stolen token from an unfamiliar device, and long silent persistence windows | IT / identity admin, via session and token-lifetime policy |
| Continuous session monitoring for IP, device, and behavior anomalies | Quiet post-login activity — a valid token used from a new location or doing bulk actions | Security lead or monitoring service (continuous access evaluation) |
| Session-revocation drills | Slow, incomplete eviction — practicing kills refresh tokens and registered rogue devices, not just passwords | IT lead, as a scheduled tabletop exercise |
Two of these deserve emphasis because they directly counter the persistence problem. Obsidian's guidance points to device-bound credentials such as FIDO2 keys, token-binding cryptography, and Continuous Access Evaluation — which can revoke a session in near-real time rather than waiting for a token to expire — as the controls that meaningfully raise the cost of token theft. And the session-revocation drill matters precisely because the standard “reset the password” reflex does not evict an attacker holding a live refresh token or a self-registered device. If your incident plan has never been tested against “assume the token is already stolen,” you do not yet know whether you can actually get the attacker out.
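Token-binding and Continuous Access Evaluation are easier to reason about with the mechanics in front of you. The block below is an added example for this article, not Microsoft's implementation or Obsidian's code: it models a bearer token that carries a fingerprint of the device key it was issued to, a verifier that rejects the same token when presented from any other device, and a revocation store the resource consults on every request so a "revoke all sessions" action takes effect before the token's expiry. The HMAC signing key, the `cnf` confirmation claim (borrowed from the RFC 7800 naming) and the device key bytes are constructed assumptions; a real deployment binds to a key held in the device's TPM or secure enclave and signs with an asymmetric key in an HSM.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Assumption: the issuer's signing key. A shared HMAC secret keeps the demo
# self-contained; production issuers sign with an asymmetric key in an HSM.
SERVER_KEY = secrets.token_bytes(32)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def device_fingerprint(device_public_key: bytes) -> str:
    """The binding value: a hash of the key that lives in the device's secure
    hardware. A replayed token fails unless presented from that same device."""
    return hashlib.sha256(device_public_key).hexdigest()


def issue_token(user: str, device_public_key: bytes, ttl_seconds: int = 3600,
                now: Optional[float] = None) -> str:
    """Issue a signed bearer token bound to the requesting device."""
    now = time.time() if now is None else now
    claims = {
        "sub": user,
        "iat": int(now),
        "exp": int(now) + ttl_seconds,
        "cnf": device_fingerprint(device_public_key),  # confirmation (binding) claim
        "jti": secrets.token_hex(8),                   # unique id so one token can be revoked
    }
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return f"{_b64e(body)}.{_b64e(sig)}"


class RevocationStore:
    """Continuous-access-evaluation style state: checked on every request, so a
    revocation bites immediately instead of waiting for the token to expire."""

    def __init__(self):
        self.revoked_jti = set()
        self.user_watermark = {}  # user -> tokens issued at or before this are dead

    def revoke_token(self, jti: str) -> None:
        self.revoked_jti.add(jti)

    def revoke_user_sessions(self, user: str, at: float) -> None:
        """The 'sign out everywhere' action an incident responder takes."""
        self.user_watermark[user] = int(at)


def verify_token(token: str, presenting_device_public_key: bytes, store: RevocationStore,
                 now: Optional[float] = None) -> Tuple[bool, str]:
    """Accept the token only if it is authentic, unexpired, presented from the
    device it was bound to, and not revoked. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _b64d(body_b64), _b64d(sig_b64)
    except (ValueError, binascii.Error):
        return False, "malformed"
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["cnf"] != device_fingerprint(presenting_device_public_key):
        return False, "device mismatch"   # the stolen-token replay case
    if claims["jti"] in store.revoked_jti or claims["iat"] <= store.user_watermark.get(claims["sub"], -1):
        return False, "session revoked"
    return True, "ok"


if __name__ == "__main__":
    store = RevocationStore()
    dev_a, dev_b = b"constructed-device-A-key", b"constructed-device-B-key"
    tok = issue_token("teller1@bank.example", dev_a, now=1_000_000)
    print("same device:", verify_token(tok, dev_a, store, now=1_000_100))
    print("replayed elsewhere:", verify_token(tok, dev_b, store, now=1_000_100))
    store.revoke_user_sessions("teller1@bank.example", at=1_000_200)
    print("after revocation, before expiry:", verify_token(tok, dev_a, store, now=1_000_300))
```

The two checks that matter for this article are the last two in `verify_token`: the device fingerprint comparison is what makes a copied token worthless off the original machine, and the revocation lookup is what lets an institution end a session in near-real time rather than waiting out a token lifetime. Without those two lines the function is exactly the "bearer credential" the Obsidian write-up describes: whoever holds the token gets in.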

What Changes Once You Add AI Tools and AI Employees?
Here is the part most financial institutions have not connected yet, and it is the reason this is a Cloud Radix concern and not just an IT-hygiene checklist. When you bolt an SSO-connected AI tool or AI assistant onto your stack — a copilot in your productivity suite, an AI agent that reads documents, an assistant wired into your line-of-business systems — that tool operates with real, standing access. A stolen session token does not just impersonate the human; it inherits whatever the human's session can reach, including the AI tools riding on that same sign-on. The attacker doesn't have to compromise the AI separately. They get it for free, with the token.
That changes the monitoring problem. You now have two kinds of sessions to watch — human and agent — and they often share the same identity plumbing. The defenses that protect a teller's session are the same ones that protect the AI assistant's session, which is an argument for watching both through one control plane rather than two disconnected tools. AI agents also raise the stakes on the persistence issue: an agent's session that quietly stays alive is an attacker's standing foothold inside your systems, working at machine speed. The right architecture gives AI tools their own scoped, monitored identities and routes their access through a control point where token and session activity — human and machine — can be inventoried and revoked together. That is the role a Secure AI Gateway plays for an AI-era financial institution: it is where the AI's access lives, gets watched, and gets cut off.
This is also why agent identity and authorization are not separate, future problems — they are this problem, one layer down. We've made the case that your AI Employees need their own identity rather than borrowing a human's, and laid out the Fort Wayne AI agent authorization audit for scoping what an agent is allowed to do once it's in. Token theft is the attack that makes both urgent: the day a human token is stolen, every shortcut you took on agent identity becomes the attacker's shortcut too.

What Should a Fort Wayne or Northeast Indiana Financial Institution Do First?
If you run IT or security for a community bank, credit union, or insurance or wealth shop in Fort Wayne, Auburn, or anywhere across Allen County and DeKalb County, you do not need to boil the ocean. Start where these attacks start: the help desk. Write and rehearse an out-of-band verification step for every MFA reset and credential request, so that a calm voice on Teams cannot talk a staff member into handing over access. That single process change blunts the most common path CrowdStrike documented, and it costs nothing but discipline.
From there, work the list in order of leverage: roll phishing-resistant security keys to your privileged and finance-facing roles first, restrict the device-code flow for accounts that never use it, and schedule a session-revocation drill that assumes a token is already stolen rather than a password. A 30-to-80-person institution can stand up the first three of those in weeks, not quarters. The point is not to achieve a Fortune-500 identity program — it's to stop being the easy target the access brokers are pricing at $250 a month. Regional financial institutions sit on exactly the data and the trust these actors monetize, and the defenses that close the gap are within reach of a lean team that decides to run them.
Close the Token Gap Before It Closes for You
The uncomfortable takeaway is that the control your institution leans on hardest — MFA — is the one these attacks are built to walk around. That is not a reason to abandon it; it's a reason to add the layers it was never meant to provide: verified resets, phishing-resistant keys, restricted token flows, and continuous session monitoring for humans and the AI tools that now share their access.
Cloud Radix helps Fort Wayne and Northeast Indiana financial institutions run that work end to end — a session and token security-posture review, a tested revocation plan, and a single monitored control plane for human and agent sessions as you adopt AI. If you're weighing AI Employees in Fort Wayne for your bank, credit union, or insurance practice, do the identity review first, so the access you're about to create is access you can see and revoke. Our AI Security team will start with your help-desk process and your token policy — the two places these attacks land first. Book a posture review before an access broker books your institution.
Frequently Asked Questions
Q1. How can attackers bypass MFA if it's enabled?

They don't break MFA — they work around it. In the dominant financial-services pattern, attackers either socially engineer a help desk or employee into resetting credentials and re-enrolling MFA on the attacker's device, or they capture the session token after MFA has already fired (for example, through OAuth device-code phishing, where the MFA prompt appears on the victim's own device). A stolen session token is a valid token, so single sign-on and MFA wave it through. MFA verifies the login; it does not verify the session that follows.
Q2. What is session token theft?
Session token theft is the capture and reuse of the credential a system issues after you successfully log in. That token proves you're already authenticated, so anyone holding it gets access without re-entering a password or MFA code. Attackers steal tokens through adversary-in-the-middle phishing, malware, or abuse of legitimate authentication flows. Because refresh tokens can persist even after a password reset, a stolen token can grant quiet access for weeks unless the session is explicitly revoked.
Q3. Why are banks and credit unions being targeted so heavily in 2026?
Financial institutions hold money, payment access, and high-value personal data, which makes them a priority for both e-crime and state-linked actors. CrowdStrike's 2026 report ranks financial services among the most-targeted sectors and documents sharp increases in hands-on intrusions, while access brokers using help-desk social engineering sell their entry to ransomware operators. Community banks and credit unions are attractive precisely because they hold enterprise-grade data with leaner security teams than the largest banks.
Q4. Does resetting passwords stop a token-theft attack?
Often, no. Resetting a password is the standard incident-response reflex, but security researchers note that refresh tokens and self-registered rogue devices can survive a password reset and even MFA re-enrollment. To actually evict an attacker, you need to revoke the active sessions and tokens, remove any devices the attacker registered, and confirm no persistence mechanisms remain. That's why practicing a session-revocation drill — not just a password reset — is a core defense.
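The eviction steps in this answer, and the session-revocation drill from the checklist above, can be turned into a pass/fail check. The block below is an added example for this article, not a Microsoft Graph script and not code from any of the cited vendors: it models an account's post-incident state as a constructed snapshot with assumed field names, scores which persistence mechanisms a response left behind, and contrasts the "reset the password" reflex with a full eviction. The point it makes is the one the answer states: `residual_persistence` never looks at `password_changed_at`, because a password change does not invalidate refresh tokens, registered devices, re-enrolled MFA methods or inbox rules.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple, List

SUSPICIOUS_RULE_TERMS = ("phish", "spam", "sharepoint", "security", "password")


@dataclass(frozen=True)
class AccountState:
    """Constructed model of one account after an incident. Timestamps are ISO
    strings so they compare lexicographically. Field names are assumptions."""
    user: str
    incident_start: str                 # when the compromise is assumed to have begun
    password_changed_at: Optional[str]
    sessions_revoked_at: Optional[str]  # 'sign out everywhere' watermark, None if never done
    refresh_tokens: Tuple               # (issued_at, device_id)
    devices: Tuple                      # (device_id, registered_at)
    auth_methods: Tuple                 # (method, added_at)
    inbox_rules: Tuple                  # (name, description)


def _rule_is_suspicious(description: str) -> bool:
    text = description.lower()
    return any(term in text for term in SUSPICIOUS_RULE_TERMS)


def residual_persistence(state: AccountState) -> List[str]:
    """Everything an attacker holding a stolen token could still use after the
    response. An empty list means the drill passed."""
    findings = []
    # 1. Refresh tokens die only when sessions are revoked after the incident began.
    #    password_changed_at is deliberately not consulted: it does not kill tokens.
    if state.sessions_revoked_at is None or state.sessions_revoked_at < state.incident_start:
        findings.append(f"sign-in sessions not revoked since the incident: "
                        f"{len(state.refresh_tokens)} refresh token(s) remain valid")
    # 2. Any device registered since the incident is treated as attacker-registered.
    for device_id, registered_at in state.devices:
        if registered_at >= state.incident_start:
            findings.append(f"device {device_id} registered during the incident is still trusted")
    # 3. An MFA method added since the incident is the help-desk re-enrollment on the attacker's phone.
    for method, added_at in state.auth_methods:
        if added_at >= state.incident_start:
            findings.append(f"auth method '{method}' added during the incident is still enrolled")
    # 4. Inbox rules that file away mail mentioning phishing, spam or security.
    for name, description in state.inbox_rules:
        if _rule_is_suspicious(description):
            findings.append(f"inbox rule '{name}' suppresses security-related mail")
    return findings


def password_reset_only(state: AccountState, at: str) -> AccountState:
    """The standard reflex: change the password and nothing else."""
    return replace(state, password_changed_at=at)


def full_eviction(state: AccountState, at: str) -> AccountState:
    """Revoke sessions, remove devices and MFA methods added during the incident,
    delete suppression rules, then reset the password."""
    return replace(
        state,
        password_changed_at=at,
        sessions_revoked_at=at,
        devices=tuple(d for d in state.devices if d[1] < state.incident_start),
        auth_methods=tuple(m for m in state.auth_methods if m[1] < state.incident_start),
        inbox_rules=tuple(r for r in state.inbox_rules if not _rule_is_suspicious(r[1])),
    )


# Constructed snapshot: a teller whose session was hijacked on the morning of 20 May.
COMPROMISED = AccountState(
    user="teller1@bank.example",
    incident_start="2026-05-20T08:10:00",
    password_changed_at=None,
    sessions_revoked_at=None,
    refresh_tokens=(("2026-05-20T08:02:00", "D-TELLER-PC"), ("2026-05-20T08:20:00", "D-UNKNOWN-01")),
    devices=(("D-TELLER-PC", "2025-11-03T10:00:00"), ("D-UNKNOWN-01", "2026-05-20T08:20:00")),
    auth_methods=(("Authenticator app", "2025-11-03T10:05:00"), ("Authenticator app", "2026-05-20T08:12:00")),
    inbox_rules=(("Vendors", "from contains invoices@vendor.example; move to Vendors"),
                 ("Cleanup", "body contains phish,spam,SharePoint; move to RSS Feeds; mark as read")),
)

if __name__ == "__main__":
    remediated = "2026-05-21T09:00:00"
    print("password reset only:", residual_persistence(password_reset_only(COMPROMISED, remediated)))
    print("full eviction:", residual_persistence(full_eviction(COMPROMISED, remediated)))
```

Run against the constructed snapshot, the password-reset-only response leaves four findings (live refresh tokens, a rogue device, a second authenticator enrollment, and the suppression rule) and the full eviction leaves none. A drill that feeds this check from real directory and mailbox exports is a concrete way to answer the question the checklist poses: can you actually get the attacker out?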
Q5. What is OAuth device-code phishing?
Device-code phishing abuses Microsoft's OAuth 2.0 Device Authorization Grant — a legitimate flow that lets input-limited devices like smart TVs sign in using a short code entered elsewhere. The attacker starts a login, then tricks a victim into entering the attacker's device code on a real Microsoft page and approving it. The victim's MFA fires normally on their own device, so nothing seems wrong, but the approval hands the attacker an OAuth token with access to Outlook, Teams, and OneDrive. The FBI warned that the Kali365 kit automates this attack for as little as $250 a month.
Q6. Can a small Fort Wayne bank or credit union defend against this without a big security team?
Yes. A 30-to-80-person community bank, credit union, or insurance and wealth shop in Fort Wayne, Auburn, or across Allen County and DeKalb County can close the specific gaps these attacks exploit with controls that are mostly configuration and process: an out-of-band verification step for every MFA reset, phishing-resistant security keys for privileged and finance roles, restricting the OAuth device-code flow, and a tested session-revocation drill. The goal is not a Fortune-500 identity program — it is to stop being the easy target access brokers price at $250 a month.
Q7. How does token theft affect the AI tools my institution uses?
AI tools and assistants connected through single sign-on operate with real, standing access to your systems. A stolen session token inherits that access — so an attacker who hijacks a human session also gains whatever the AI tools on that session can reach, without compromising the AI separately. This is why human and AI-agent sessions should be monitored and revocable through one control plane, and why AI tools should be given their own scoped, watched identities rather than riding silently on a human's sign-on.
Sources & Further Reading
- VentureBeat: venturebeat.com/security/attack-dominating-financial-services-resets-mfa-steals-token — The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.
- CrowdStrike: crowdstrike.com/en-us/blog/crowdstrike-2026-financial-services-threat-landscape-report — CrowdStrike 2026 Financial Services Threat Landscape Report.
- Verizon: verizon.com/business/resources/reports/dbir — 2026 Data Breach Investigations Report (DBIR).
- FBI Internet Crime Complaint Center: ic3.gov/PSA/2026/PSA260521 — Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens.
- Arctic Wolf: arcticwolf.com/resources/blog/token-bingo-dont-let-your-code-be-the-winner — Token Bingo: Don't Let Your Code Be the Winner.
- Obsidian Security: obsidiansecurity.com/blog/token-based-attacks-how-attackers-bypass-mfa — Token-Based Attacks: How Attackers Bypass MFA.
Close the Token Gap at Your Institution
We will review your session and token security posture, harden your help-desk reset process, and stand up one monitored control plane for human and AI-agent sessions — built for a Fort Wayne or Northeast Indiana bank, credit union, or wealth shop.