Russian Spies Master Phishing: Beware the Device Code Trap! | TechEnclave

Russian state-sponsored hackers have launched a sophisticated phishing campaign targeting Microsoft 365 accounts using a technique called device code phishing. This method, designed for devices lacking browser capabilities, involves attackers impersonating trusted officials to lure users into providing access codes via messenger apps. Once the target enters the code, the attackers gain unauthorized access to the account, exploiting the ambiguity of the device code authentication process. Security experts urge vigilance, as these attacks have proven more effective than previous phishing efforts.

What steps do you take to verify the authenticity of unexpected access requests?

Source: https://arstechnica.com/information…e-code-phishing-to-hijack-microsoft-accounts/