I found this article about an adversary-in-the-middle attack leading to threat actors gaining access to employee direct deposits. The article can be found HERE.
One key point the article highlights is that not all multifactor authentication is created equal. Just because you use MFA does not mean you are safe from this type of attack. The attack works like this: first, a phishing attack convinces the victim to log in to a fake login site. The adversary then collects the login and uses it on the real website to access the victim's account.

Microsoft points out why forms of MFA that rely on one-time codes, emails, text messages, and push notifications should be avoided whenever possible. It is therefore highly recommended that you modernize your access control methods, which includes dropping MFA options that put you at risk for this type of attack. Check out the article, found HERE, for more details.
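To make the difference between MFA types concrete, here is an added example (not from the original post or the Microsoft article) that models why a one-time code still verifies when the victim typed it into a fake site, and contrasts it with an origin-bound factor, which goes one step beyond the text. The origins, secrets and function names are constructed, and HMAC stands in for the public-key signature a real authenticator would produce.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
REAL_ORIGIN = "https://login.example.com"
LOOKALIKE_ORIGIN = "https://login.example-sso.net"
OTP_SECRET = b"constructed-otp-secret"
AUTH_KEY = b"constructed-authenticator-key"

def otp_code(secret: bytes, time_step: int) -> str:
    """Simplified TOTP-style code: it depends only on the secret and the time."""
    digest = hmac.new(secret, time_step.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def server_accepts_otp(secret: bytes, time_step: int, submitted: str) -> bool:
    return hmac.compare_digest(otp_code(secret, time_step), submitted)

def origin_bound_assertion(key: bytes, challenge: bytes, origin: str) -> bytes:
    """Stand-in for an origin-bound assertion: the browser mixes in the origin it is on."""
    msg = challenge + b"|" + origin.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_accepts_assertion(key: bytes, challenge: bytes, assertion: bytes) -> bool:
    # The real site only accepts assertions produced for its own origin.
    expected = origin_bound_assertion(key, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, assertion)

def simulate(user_visits: str) -> dict:
    """Return what the real server decides when the user authenticates on `user_visits`."""
    challenge, step = b"constructed-challenge-0001", 56_000_000
    # The code the user reads and types is the same on any page, so it stays valid
    # at the real site no matter which site first received it.
    code = otp_code(OTP_SECRET, step)
    # The origin-bound factor is computed over the page the user is actually on.
    assertion = origin_bound_assertion(AUTH_KEY, challenge, user_visits)
    return {
        "otp_accepted": server_accepts_otp(OTP_SECRET, step, code),
        "origin_bound_accepted": server_accepts_assertion(AUTH_KEY, challenge, assertion),
    }

if __name__ == "__main__":
    for origin in (REAL_ORIGIN, LOOKALIKE_ORIGIN):
        print(origin, simulate(origin))
```

When auditing enrolled MFA methods, this is the property to check for: whether the factor's output is tied to the site the user is actually on, or is just a value that remains valid wherever it ends up.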