Scam Watch

How do you recognize EvilTokens: Microsoft 365 phishing that bypasses passwords and 2FA via device code hijack?

Summary

EvilTokens is a phishing-as-a-service kit sold on Telegram that compromises Microsoft 365 accounts without fake login pages or stolen passwords. Attackers trick victims into completing a legitimate OAuth device code sign-in on the real...

How it works

EvilTokens is a phishing-as-a-service kit sold on Telegram that compromises Microsoft 365 accounts without fake login pages or stolen passwords. Attackers trick victims into completing a legitimate OAuth device code sign-in on the real...

Warning signs

  • An unsolicited email or chat asks you to visit microsoft.com/devicelogin and enter a short numeric code you did not request
  • Lures use generic wording like "Verify to view" or "Signature required" paired with a decoy page impersonating a known brand
  • The authentication flow looks completely real: no misspelled domains, no fake login form, yet Microsoft still warns that you should never enter codes from untrusted sources
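
The warning signs above, written as a message-triage heuristic. This is an added example, not code from the original page or from any Microsoft tool; the function name `triage`, the code pattern (6 to 9 characters containing a digit) and the sample messages are assumptions constructed for illustration.

```python
import re

# Sign-in address named in the warning signs, with or without scheme or "www."
DEVICE_LOGIN = re.compile(r"(?:https?://)?(?:www\.)?microsoft\.com/devicelogin\b", re.I)
# Lure wording quoted on this page; extend with phrases from reported samples.
LURES = ("verify to view", "signature required")
# Assumption: a "short code" is a standalone run of 6-9 digits or capital
# letters that contains at least one digit.
CODE = re.compile(r"\b(?=[A-Z0-9]*\d)[A-Z0-9]{6,9}\b")

def triage(message: str) -> dict:
    """Report which warning signs a message shows and a handling verdict."""
    signs = {
        "device_login_url": bool(DEVICE_LOGIN.search(message)),
        "code_in_message": bool(CODE.search(message)),
        "generic_lure": any(p in message.lower() for p in LURES),
    }
    # A sender who supplies both the sign-in address and the code is asking
    # the recipient to approve a sign-in the recipient never started.
    if signs["device_login_url"] and signs["code_in_message"]:
        verdict = "report"
    elif any(signs.values()):
        verdict = "review"
    else:
        verdict = "no_match"
    return {"signs": signs, "verdict": verdict}

# Constructed sample messages, not taken from a real campaign.
SAMPLES = [
    "Signature required. Open https://microsoft.com/devicelogin and enter code 482913.",
    "Verify to view the shared invoice.",
    "Lunch at 12:30 tomorrow?",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text)["verdict"], "<-", text)
```

A "review" verdict means only one sign is present, so the message needs a human look rather than automatic reporting.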

What to do

  1. Refuse any device code you did not personally initiate
  2. Close the page and report the message to your IT team
  3. Confirm document or invoice requests via a

Source

FAQ

Is EvilTokens: Microsoft 365 phishing that bypasses passwords and 2FA via device code hijack a real scam pattern?

Yes. Treat the message, call or payment request as suspicious until an official channel confirms it.

What are the first warning signs?

An unsolicited email or chat asks you to visit microsoft.com/devicelogin and enter a short numeric code you did not request. Lures use generic wording like "Verify to view" or "Signature required" paired with a decoy page impersonating a known brand. The authentication flow looks completely real: no misspelled domains, no fake login form, yet Microsoft still warns that you should never enter codes from untrusted sources.

What should I do first?

Refuse any device code you did not personally initiate; close the page and report the message to your IT team. Confirm document or invoice requests via a

Can LegalAudit review my case?

Yes. Start the free chat and paste in the message, link, sender or payment details.