Microsoft 365 Users Targeted in Device Code Phishing Attacks

Microsoft 365 users are targeted by phishing attacks exploiting OAuth 2.0 device authorization. Attackers trick users into granting access tokens via emails with misleading content. Tools like Squarephish and Graphish facilitate these campaigns, allowing low-skilled actors to launch sophisticated attacks. Mitigation strategies include implementing Conditional Access policies to block or restrict device code flows.

https://www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top