Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass MFA. Abnormal Security reports a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts. The FBI has estimated that US businesses lost some $1.7 billion to BEC-related fraud in 2019.”]