Kurzfassung
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real Microsoft site and typing a code they...
Wie es funktioniert
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real Microsoft site and typing a code they...
Warnzeichen
- : Someone (by email, SMS, or chat) instructs you to go to microsoft.com/devicelogin and enter a code they sent you. A login screen asks you to grant broad permissions (mail, files, profile) to an unfamiliar app. Pressure to act quickly, often framed as a security alert or urgent task from IT
Was tun
- 1: Never enter a device code sent to you by someone else — legitimate flows originate from a device you own. Review Microsoft account permissions regularly at entra.microsoft.com and revoke unknown app consents. Enable MFA, use phishing resistant keys (FIDO2/Windows Hello), and report suspicious device login prompts to your
Quelle
securelist
Quelle geprueft vom Mythos Forensic Team
https://securelist.com/microsoft-device-code-phishing-attack/120350/FAQ
Ist Device Code Phishing: How Attackers Exploit Microsoft Login to Steal Your Account ein reales Betrugsmuster?
Ja. Behandeln Sie Nachricht, Anruf oder Zahlungsaufforderung als verdaechtig, bis ein offizieller Kanal sie bestaetigt.
Was sind die ersten Warnzeichen?
: Someone (by email, SMS, or chat) instructs you to go to microsoft.com/devicelogin and enter a code they sent you. A login screen asks you to grant broad permissions (mail, files, profile) to an unfamiliar app. Pressure to act quickly, often framed as a security alert or urgent task from IT
Was sollte ich zuerst tun?
: Never enter a device code sent to you by someone else — legitimate flows originate from a device you own. Review Microsoft account permissions regularly at entra.microsoft.com and revoke unknown app consents. Enable MFA, use phishing resistant keys (FIDO2/Windows Hello), and report suspicious device login prompts to your
Kann LegalAudit meinen Fall pruefen?
Ja. Starten Sie den kostenlosen Chat und fuegen Sie Nachricht, Link, Absender oder Zahlungsdaten ein.