In brief
EvilTokens is a phishing-as-a-service kit sold on Telegram that compromises Microsoft 365 accounts without fake login pages or stolen passwords. Attackers trick victims into completing a legitimate OAuth device code sign-in on the real...
How it works
The kit does not host a lookalike login page. The lure sends the victim to Microsoft's genuine device code sign-in page (microsoft.com/devicelogin) together with a short code the attacker has already obtained by starting a device code flow. When the victim enters that code and signs in, they complete a legitimate OAuth device code authorization for a session the attacker controls: the attacker receives tokens for the victim's Microsoft 365 account, no password is captured, and the victim's own 2FA has already been satisfied during the sign-in.
Warning signs
- An unsolicited email or chat asks you to visit microsoft.com/devicelogin and enter a short numeric code you did not request.
- Lures use generic wording like "Verify to view" or "Signature required", paired with a decoy page impersonating a known brand.
- The authentication flow looks completely real: no misspelled domains, no fake login form. Microsoft nevertheless warns that you should never enter codes from untrusted sources.
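As an added example (not code from the welivesecurity article or from the EvilTokens kit), the following Python script turns the warning signs above into detection logic: it scores message bodies for a devicelogin link paired with a code the recipient never requested, scans sign-in records for device code sign-ins by users who are not expected to use that flow, and raises confidence when a flagged sign-in follows a lure to the same user. The sample messages and sign-in records are constructed. The field names authenticationProtocol, userPrincipalName, ipAddress and createdDateTime follow the Microsoft Entra sign-in log schema as I know it, and the code pattern (6 to 9 uppercase alphanumerics) is an assumption; check both against your own tenant's exports.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Lures point the victim at Microsoft's real device login page with a code to type in.
DEVICELOGIN_RE = re.compile(r"https?://(?:www\.)?microsoft\.com/devicelogin\b", re.I)
# The page describes a "short numeric code"; Microsoft user codes I have seen are 8-9
# uppercase alphanumerics, so the pattern accepts 6-9 of either (assumption).
CODE_RE = re.compile(r"\b(?i:code|enter)\b[^A-Za-z0-9]{0,20}([A-Z0-9]{6,9})\b")
# Generic lure wording quoted by the page, plus "invoice" from its advice section.
LURE_PHRASES = ("verify to view", "signature required", "invoice")


def parse_ts(value: str) -> datetime:
    """Parse the UTC 'Z' timestamps used in the constructed samples."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def score_lure(body: str) -> dict:
    """Classify one email or chat body. A devicelogin link next to a pre-supplied code
    is the core signal: a genuine flow shows the code to the person who started the
    sign-in on their own device; it is never mailed to them."""
    link = DEVICELOGIN_RE.search(body) is not None
    code = CODE_RE.search(body)
    phrases = [p for p in LURE_PHRASES if p in body.lower()]
    return {
        "devicelogin_link": link,
        "code": code.group(1) if code else None,
        "lure_phrases": phrases,
        "suspicious": link and code is not None,
    }


def flag_device_code_signins(lines, expected_users=frozenset()) -> list:
    """Scan JSON-lines sign-in records and return device code sign-ins by users who
    are not expected to use that flow (kiosks, CLI tooling, service accounts)."""
    flagged = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        user = rec.get("userPrincipalName", "")
        if user in expected_users:
            continue
        flagged.append({"user": user, "ip": rec.get("ipAddress"),
                        "time": rec.get("createdDateTime"), "confidence": "medium"})
    return flagged


def correlate(messages, signin_lines, expected_users=frozenset(),
              window=timedelta(hours=2)) -> list:
    """Raise confidence to 'high' when a flagged device code sign-in follows a lure
    delivered to the same user within the window."""
    lures = {}
    for msg in messages:
        verdict = score_lure(msg["body"])
        if verdict["suspicious"]:
            lures[msg["to"]] = (parse_ts(msg["received"]), verdict["code"])
    hits = flag_device_code_signins(signin_lines, expected_users)
    for hit in hits:
        lure = lures.get(hit["user"])
        if lure is not None:
            delta = parse_ts(hit["time"]) - lure[0]
            if timedelta(0) <= delta <= window:
                hit["confidence"] = "high"
                hit["lure_code"] = lure[1]
    return hits


# Constructed sample data (not real messages or tenant logs).
SAMPLE_MESSAGES = [
    {"to": "alice@example.com", "received": "2024-05-02T08:50:00Z",
     "body": "Signature required: view the document at https://microsoft.com/devicelogin "
             "and enter code B7XQ2KD9R to verify."},
    {"to": "bob@example.com", "received": "2024-05-02T08:55:00Z",
     "body": "Hi team, the quarterly figures are attached. Thanks!"},
]
SAMPLE_SIGNINS = [json.dumps(r) for r in (
    {"createdDateTime": "2024-05-02T09:14:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.7", "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2024-05-02T09:20:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.4", "authenticationProtocol": "none"},
    {"createdDateTime": "2024-05-02T10:02:00Z", "userPrincipalName": "svc-kiosk@example.com",
     "ipAddress": "192.0.2.10", "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2024-05-02T11:00:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "203.0.113.9", "authenticationProtocol": "deviceCode"},
)]

if __name__ == "__main__":
    for hit in correlate(SAMPLE_MESSAGES, SAMPLE_SIGNINS,
                         expected_users={"svc-kiosk@example.com"}):
        print(hit)
```

On the sample data the script reports alice's sign-in as high confidence (device code sign-in 24 minutes after a lure carrying a code) and carol's as medium (device code sign-in with no matching lure), while bob's ordinary sign-in and the kiosk account's expected device code use are ignored. In production, the allowlist of expected device code users is the tuning knob: most end users never need this flow, so Conditional Access can block it for them outright and this detection then covers the exceptions.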
What to do
- 1. Refuse any device code you did not personally initiate.
- 2. Close the page and report the message to your IT team.
- 3. Confirm document or invoice requests via a
Source
welivesecurity
Source verified by Mythos Forensic Team
https://www.welivesecurity.com/en/cybercrime/eviltokens-phishing-doesnt-steal-password/
FAQ
Is "EvilTokens: Microsoft 365 phishing that bypasses passwords and 2FA via device code hijack" a real scam?
Yes. Treat the message, call, or payment request as suspicious until it has been verified through an official channel.
What are the first warning signs?
An unsolicited email or chat asks you to visit microsoft.com/devicelogin and enter a short numeric code you did not request. Lures use generic wording like "Verify to view" or "Signature required", paired with a decoy page impersonating a known brand. The authentication flow looks completely real: no misspelled domains, no fake login form. Microsoft nevertheless warns that you should never enter codes from untrusted sources.
What should I do first?
Refuse any device code you did not personally initiate; close the page and report the message to your IT team. Confirm document or invoice requests via a
Can LegalAudit check my case?
Yes. Start the free chat and paste the message, the link, the sender, or the payment details.