They assume MFA means the account is safe. In practice, attackers still use token theft, prompt fatigue, phishing, and recovery abuse to take over the identity after MFA is present. The control reduces risk, but it does not remove the need for detection, containment, and recovery-path hardening.
Why This Matters for Security Teams
MFA is often treated as a finish line, but email compromise shows it is only one control layer. Attackers increasingly bypass the password itself and focus on token theft, adversary-in-the-middle phishing, MFA push fatigue, mailbox rule abuse, and account recovery abuse. That means the real security boundary is not “MFA present” but whether the organisation can detect post-authentication abuse quickly enough to stop persistence and lateral movement. The patterns documented in the 52 NHI Breaches Analysis and the Microsoft Midnight Blizzard breach show how identity compromise often continues after the login event itself. Current guidance from Anthropic on AI-orchestrated cyber espionage also reinforces that attackers automate credential abuse and adapt quickly once one account is exposed.
In practice, many security teams encounter mailbox takeover only after forwarding rules, OAuth grants, or recovery-channel changes have already been abused.
How It Works in Practice
The practical failure is assuming the login ceremony is the same as account safety. MFA reduces the chance of simple password replay, but it does not stop an attacker who steals session cookies, intercepts one-time codes, abuses a helpdesk reset, or convinces a user to approve a prompt. For email, that is especially dangerous because the mailbox is both a communications hub and a recovery hub for other services. Once an attacker controls email, they can reset passwords, approve device enrolment, and hide activity with inbox rules.
Effective defence shifts from static access checks to layered identity defence:
- Use phishing-resistant MFA where possible, especially for privileged and high-value accounts.
- Monitor for impossible travel, new forwarding rules, suspicious OAuth consent, and recovery profile changes.
- Restrict who can reset credentials and require stronger verification for recovery flows.
- Shorten session lifetimes for risky accounts and revoke tokens after suspicious events.
- Harden helpdesk workflows because social engineering often bypasses the technical MFA layer.
NHIMG research on the Ultimate Guide to NHIs is useful here because the same control weakness applies to secrets, tokens, and identities that never see a human login screen. That matters when an email account is linked to automation, API keys, or administrative consoles. These controls tend to break down in organisations that allow legacy authentication, weak recovery processes, or broad mailbox delegation because the attacker can pivot from one approved session into persistent access.
Common Variations and Edge Cases
Tighter MFA often increases friction, requiring organisations to balance stronger verification against helpdesk load, user fatigue, and recovery delays. That tradeoff is real, but current guidance suggests the answer is not weaker MFA, it is better targeting. Not every account needs the same treatment. Executive mailboxes, finance roles, admins, and accounts tied to cloud control planes deserve phishing-resistant MFA, stricter recovery, and tighter session policies than low-risk user populations.
There is no universal standard for this yet, but best practice is evolving toward conditional access plus post-authentication monitoring. For some environments, especially hybrid email estates and shared service accounts, MFA can create a false sense of completion because the attack path shifts to legacy protocols, delegated access, or identity proofing abuse. The lesson from the DeepSeek breach is that exposed credentials and weak controls often amplify one another; a single identity compromise can expose far more than the initial account. Organisations get this wrong when they measure MFA rollout as a coverage metric instead of measuring how quickly they can contain a compromised identity after the first alert.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Covers weak authentication and token abuse after MFA is bypassed. |
| OWASP Agentic AI Top 10 | A-04 | Identity abuse in autonomous workflows can begin with stolen email access. |
| CSA MAESTRO | ID.AC | Focuses on identity and access controls for autonomous and cloud-connected systems. |
| NIST CSF 2.0 | PR.AC-1 | Access control must account for post-authentication compromise and recovery abuse. |
| NIST AI RMF | GOVERN | Identity risks in AI-enabled environments require accountable governance and monitoring. |
Apply stronger identity assurance, least privilege, and session controls to high-value accounts.