New Microsoft scam turns security feature against users
Microsoft never sends codes randomly, so any unexpected prompt is a potential attack
A new Microsoft login scam is spreading, stealing users private information. Shockingly, it doesn’t rely on stolen passwords. Hackers are exploiting Microsoft’s device code login, a legitimate authentication feature, to trick users into giving access to their accounts.
This scam utilises a technique known as device code phishing that enables the attackers to generate a code and convince victims to enter it on their device, giving the hackers full access to their account.
How does Microsoft security scam works?
Microsoft security experts says that the device code login is meant for devices that cannot display a full authentication page. Attackers start a login session on their own device and generate a valid code.
They then send their victims this code through emails and messages that mimic urgent Microsoft 365 notifications. When they enter the code, they are unwittingly providing the attacker with an access token and handing them control of their accounts.
This phishing scam is difficult to identify, as it looks authentic and is different from others because it actually gives attackers control of accounts by turning one of Microsoft’s security features on itself.
How to protect your Microsoft account?
To stay safe, Microsoft users should:
- Only enter device codes they initiated themselves
- Avoid entering codes sent via email or message unexpectedly
- Treat unrequested prompts or MFA notifications as suspicious
- Regularly review account activity for unknown logins
Understanding how device code login works is critical. Microsoft never sends codes randomly, so any unexpected prompt is a potential attack.
-
Can you really fall in love with an AI? Study says yes
-
Apple sends legal letters to dozens of ex-staff at OpenAI
-
Do tech workers need to study AI after hours too?
-
Indonesia targets Google, AI platforms with sweeping copyright rewrite: Here’s why
-
Moonshot's Kimi K3 is now the world's largest open AI model
-
No single AI model wins at vulnerability detection: Study
-
Scientists unveil breakthrough robot that can dress people without human help
-
EA Sports confirms Connected Franchise mode and new gameplay features for NHL 27
